Systems and methods for providing stable deployments to mainframe environments

ABSTRACT

A method for providing mainframe codebase maintenance and security is performed by a mainframe deployment device. The method includes importing the mainframe codebase from a mainframe device. The mainframe codebase includes at least one code region including at least one code element. The method also includes identifying the code regions and initializing a branch repository corresponding to at least one identified code region. The method includes querying the imported mainframe codebase to identify, for the code elements, a user identifier and a source region. The method includes populating the branch repositories with the code elements based on the respective source region. The method includes applying a code quality scan to the populated branch repositories to identify a code quality issue in the respective code elements. The method also includes submitting at least one code element having an identified code quality issue to a user device to correct the code quality issues.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of U.S. patent application Ser. No. 16/438,660, filed Jun. 12, 2019 which is incorporated by reference herein in its entirety for all purposes.

FIELD OF INVENTION

The field relates to deployments of software programs in mainframe environments. More specifically, the field of the invention is related to deployment stability and reliability in such mainframe environments. Further, the field of invention includes providing improved models to improve code quality, scalability, and security of mainframe codebases in an automated fashion.

BACKGROUND OF THE DISCLOSURE

Continuous integration and continuous delivery (“CICD”) is an important approach to modern software development. CICD employs methods to break down the historically strict and rigid phases and checkpoints of software development and to allow for continuous development with minimal delay. While CICD has become favored in many development environments, applying CICD to mainframe contexts is particularly challenging. Indeed, applying CICD to mainframes is frequently unreliable and involves risks at each and every step of the process.

For example, there are risks that development builds are unstable, that development builds are not deployable to a mainframe, that development builds cannot pass phases for coverage and testing, that packages cannot be successfully created, and that packages cannot execute on a mainframe. These risks undermine the central purpose of CICD—to allow for continuous integration and development. Instead, the risks pose significant threats of delays in software release because steps may need to be repeated. Further, mainframes are frequently used for business critical software projects. As such, these risks are amplified because the dangers of delayed deployments are often unacceptable in mainframe environments.

In addition to threatening to delay deployments, there are significant risks associated with deploying unstable software onto mainframes. If an unstable build is deployed into release, it may result in system failures which can negatively impact critical activities. Because of the roles of mainframes in production environments, such failures can have significant costs. In addition, such failures are time-consuming and expensive to resolve, while simultaneously wasting valuable time on the mainframe.

In many examples, mainframe codebases are unable to leverage or otherwise utilize modern software development techniques because of their contexts. Most notably, providing crucial code reviews, debugging, and other quality assurance tasks is difficult or impossible to do for mainframe codebases in their native contexts. As a result, mainframe codebases frequently become poorly maintained, difficult to utilize, and pose serious risks of performance problems or failure. Yet, because mainframe code is often utilized in business critical applications, enterprise systems are posed with difficult problems. Using known techniques, such organizations can either perform quality assurance operations on mainframe codebases in their native contexts and expend significant resources or they can end-of-life mainframe code bases. Neither approach is desirable because of the impact it may have to other enterprise systems or resource utilization. Further, the process of leveraging legacy codebases from mainframes may include additional risks because such codebases may include sensitive information that could pose security risks if the sensitive information is made accessible.

Accordingly, a solution to these technical problems is desired that can provide CICD approaches to mainframes while improving the reliability and the stability of the deployments. Further, a solution is desired that improves maintainability, quality, and security of mainframe codebases without requiring substantial overhead.

BRIEF SUMMARY OF THE INVENTION

In one aspect, a mainframe deployment system is provided for deploying code to a mainframe device in a stable, self-correcting manner. The mainframe deployment system includes at least a software management device, a dispatcher device, at least one testing service, a mainframe device, and a mainframe deployment device including a processor and a memory device. The processor of the mainframe deployment device is configured to (a) receive a code section from the software management device, wherein the code section includes a status identifier, (b) upon determining that the status identifier is complete, identify a set of valid sub-components from the code section using a dispatcher service associated with the dispatcher device, (c) upon determining that the identified set of valid sub-components are capable of creating a build, identify a set of elements in the code section identified for deployment, (d) upon determining that the set of elements in the code section are deployable, request the at least one testing service to perform at least one set of code diagnostics to determine whether the code section satisfies build requirements, (e) upon determining that the at least one set of code diagnostics satisfies a diagnostic goal for mainframe stability, attempt to create a deployment package from the code section, (f) upon successfully creating the deployment package, identify a production program running on the mainframe device, (g) compare the production program to the deployment package to identify a set of synchronization errors, (h) resolve the set of synchronization errors, and (i) deploy the deployment package to the mainframe device upon resolving the set of synchronization errors.

In another aspect, a mainframe deployment device is provided for deploying code to a mainframe device in a stable, self-correcting manner. The mainframe deployment device includes a processor and a memory device. The mainframe deployment device is in communication with at least a software management device, a dispatcher device, at least one testing device, and a mainframe device. The processor of the mainframe deployment device is configured to (a) receive a code section from the software management device, wherein the code section includes a status identifier, (b) upon determining that the status identifier is complete, identify a set of valid sub-components from the code section using a dispatcher service associated with the dispatcher device, (c) upon determining that the identified set of valid sub-components are capable of creating a build, identify a set of elements in the code section identified for deployment, (d) upon determining that the set of elements in the code section are deployable, request the at least one testing service to perform at least one set of code diagnostics to determine whether the code section satisfies build requirements, (e) upon determining that the at least one set of code diagnostics satisfies a diagnostic goal for mainframe stability, attempt to create a deployment package from the code section, (f) upon successfully creating the deployment package, identify a production program running on the mainframe device, (g) compare the production program to the deployment package to identify a set of synchronization errors, (h) resolve the set of synchronization errors, and (i) deploy the deployment package to the mainframe device upon resolving the set of synchronization errors.

In yet another aspect, a method is provided for deploying code to a mainframe device in a stable, self-correcting manner. The method is performed by a mainframe deployment device including a processor and a memory. The method includes (a) receiving a code section from a software management device, wherein the code section includes a status identifier, (b) upon determining that the status identifier is complete, identifying a set of valid sub-components from the code section using a dispatcher service associated with a dispatcher device, (c) upon determining that the identified set of valid sub-components are capable of creating a build, identifying a set of elements in the code section identified for deployment, (d) upon determining that the set of elements in the code section are deployable, requesting at least one testing service to perform at least one set of code diagnostics to determine whether the code section satisfies build requirements, (e) upon determining that the at least one set of code diagnostics satisfies a diagnostic goal for mainframe stability, attempting to create a deployment package from the code section, (f) upon successfully creating the deployment package, identifying a production program running on a mainframe device, (g) comparing the production program to the deployment package to identify a set of synchronization errors, (h) resolving the set of synchronization errors, and (i) deploying the deployment package to the mainframe device upon resolving the set of synchronization errors.

In a further aspect, a quality assurance system for maintenance and security of mainframe codebases is provided. The quality assurance system includes a mainframe device including a mainframe processor and a mainframe memory. The mainframe memory includes a mainframe codebase. The quality assurance system also includes a mainframe deployment device further including a processor and a memory device. The mainframe deployment device is in communication with the mainframe device. The processor is configured to import the mainframe codebase from the mainframe device. The mainframe codebase includes at least one code region including at least one code element. The processor is also configured to identify the at least one code region of the mainframe codebase and to initialize a branch repository corresponding to at least one identified code region. The processor is additionally configured to query the imported mainframe codebase to identify, for the code elements, a user identifier and a source region. The user identifier indicates an owner of the respective code element. The source region represents the code region of the respective code element. The processor is also configured to populate the branch repositories with the code elements based on the respective source region. The processor is further configured to apply a code quality scan to the populated branch repositories to identify a code quality issue in the respective code elements. The processor is also configured to submit at least one code element having an identified code quality issue to a user device associated with the respective user identifier to correct the code quality issues.

In yet another aspect, a mainframe deployment device for providing mainframe codebase maintenance and security is provided. The mainframe deployment device includes a processor and a memory device. The mainframe deployment device is in communication with a mainframe device including a mainframe processor and a mainframe memory. The mainframe memory includes a mainframe codebase. The processor is configured to import the mainframe codebase from the mainframe device. The mainframe codebase includes at least one code region including at least one code element. The processor is also configured to identify the at least one code region of the mainframe codebase and to initialize a branch repository corresponding to at least one identified code region. The processor is additionally configured to query the imported mainframe codebase to identify, for the code elements, a user identifier and a source region. The user identifier indicates an owner of the respective code element. The source region represents the code region of the respective code element. The processor is also configured to populate the branch repositories with the code elements based on the respective source region. The processor is further configured to apply a code quality scan to the populated branch repositories to identify a code quality issue in the respective code elements. The processor is also configured to submit at least one code element having an identified code quality issue to a user device associated with the respective user identifier to correct the code quality issues.

In an additional aspect, a method for providing mainframe codebase maintenance and security is provided. The method is performed by a mainframe deployment device including a processor and a memory. The method includes importing the mainframe codebase from a mainframe device. The mainframe codebase includes at least one code region including at least one code element. The method also includes identifying the at least one code region of the mainframe codebase and initializing a branch repository corresponding to at least one identified code region. The method includes querying the imported mainframe codebase to identify, for the code elements, a user identifier and a source region. The user identifier indicates an owner of the respective code element. The source region represents the code region of the respective code element. The method additionally includes populating the branch repositories with the code elements based on the respective source region. The method also includes applying a code quality scan to the populated branch repositories to identify a code quality issue in the respective code elements. The method also includes submitting at least one code element having an identified code quality issue to a user device associated with the respective user identifier to correct the code quality issues.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosure will be better understood, and features, aspects and advantages other than those set forth above will become apparent when consideration is given to the following detailed description thereof. Such detailed description makes reference to the following drawings, wherein:

FIG. 1 is a functional block diagram of an example system including a high-volume pharmacy.

FIG. 2 is a functional block diagram of an example pharmacy fulfillment device, which may be deployed within the system of FIG. 1.

FIG. 3 is a functional block diagram of an example order processing device, which may be deployed within the system of FIG. 1.

FIG. 4 is a functional block diagram of an example computing device that may be used in the environments described herein.

FIG. 5 is a functional block diagram of a mainframe deployment system including multiple computing devices shown in FIG. 4.

FIG. 6 is a flow diagram representing a method for providing stable software deployments to a mainframe environment performed by the mainframe deployment device of the mainframe deployment system shown in FIG. 5.

FIG. 7 is a diagram of elements of one or more example computing devices that may be used in the system shown in FIGS. 1-5.

FIG. 8 is a flow diagram representing a dispatcher process performed by the mainframe deployment system of FIG. 5.

FIG. 9 is a flow diagram representing a pre-deployment validation process performed by the mainframe deployment system of FIG. 5.

FIG. 10 is a flow diagram representing a code analysis process performed by the mainframe deployment system of FIG. 5.

FIG. 11 is a flow diagram representing a pre-deployment test process performed by the mainframe deployment system of FIG. 5.

FIG. 12 is a flow diagram representing a code coverage analysis process performed by the mainframe deployment system of FIG. 5.

FIG. 13 is a flow diagram representing an approval process performed by the mainframe deployment system of FIG. 5.

FIG. 14 is a flow diagram representing a build package creation process performed by the mainframe deployment system of FIG. 5.

FIG. 15 is a flow diagram representing a package casting process performed by the mainframe deployment system of FIG. 5.

FIG. 16 is a flow diagram representing a package execution process performed by the mainframe deployment system of FIG. 5.

FIG. 17 is a flow diagram representing a post-deployment test process performed by the mainframe deployment system of FIG. 5.

FIG. 18 is a flow diagram representing a method for maintaining and securing mainframe codebases performed by the mainframe deployment device of the mainframe deployment system shown in FIG. 5.

FIG. 19 is a diagram of elements of one or more example computing devices that may be used in the system shown in FIGS. 1-5.

FIG. 20 is a flow diagram of a process performed by the mainframe deployment device to provide maintenance, testing, and quality assurance (“QA”) to a mainframe codebase.

FIG. 21 is a flow diagram of a process performed by the mainframe deployment device to secure a mainframe codebase.

DETAILED DESCRIPTION

Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the disclosure belongs. Although any methods and materials similar to or equivalent to those described herein can be used in the practice or testing of the present disclosure, the preferred methods and materials are described below.

As used herein, the term “mainframe” refers to a central data processing system used in large organizations. Mainframe systems typically are systems used to host mission-critical programs including commercial databases, transaction servers, and crucial applications that may require high-availability or high-security. Mainframe systems are typically capable of working with and processing hundreds of thousands or millions of input/output (“I/O”) operations simultaneously. In many instances, mainframe systems employ clustering technologies to provide multiple instances of programs simultaneously. Relevant to this application, mainframe systems typically utilize specialized hardware and operating systems.

As used herein, the term “CICD” or “CI/CD” refers to a combined process of continuous integration (“CI”) and continuous deployment (or delivery) (“CD”). Continuous integration is the software engineering practice of merging all working copies of developer source code into a shared repository on a repeated basis (e.g., multiple times per day). Continuous deployment (or delivery) is a software engineering practice of producing software using short development cycles, thereby ensuring that software can be reliably released at any time. The purpose of continuous deployment (or delivery) is to build, test, and release software with greater speed and frequency. CICD generally has the goals of (1) reducing the time, cost, and risk of delivering changes to software programs, and (2) allowing software programming teams to be more agile, and responsive to feature and enhancement requests.

As used herein, the term “code coverage” (or “test coverage”) refers to a measurement to describe the degree to which source code of a program is executed when a particular test bed (or test suite) is run. Therefore, for example, a program with a high measured code coverage value has more of its source code used during testing, and a program with a low measured code coverage value has less of its source code used during testing. As such, high scores for code coverage correlate to (a) source code that efficiently satisfies the use cases underlying the test bed (or test suite), and (b) source code that is more completely tested by the test bed (or test suite).

As used herein, the terms “tests”, “test suite”, or “test bed” refer to a collection of software tests that are run in the course of software development to test whether a software program can demonstrate expected sets of behaviors without failure. Failure of a software program to satisfactorily demonstrate such expected sets of behaviors may be identified as a “bug” or a “testing error”. As described herein, once run, test suites and test beds may generate testing results reflecting the degree to which the software program either demonstrated expected behaviors, or failed to demonstrate such expected behaviors. In some examples, testing results may be represented as a numeric score. In other examples, testing results may be represented as a percentage, a ranking, or a qualitative score.

As used herein, the term “dispatcher” or “dispatcher device” refers to systems and programs that assign tasks, work, and activities to systems, programmers, or other entities. As used herein, dispatchers and dispatcher devices make such assignments based on pre-defined project descriptions or “stories”.

As used herein, the term “quality assurance” or “QA” refers to methods of preventing mistakes and defects in software development and avoiding problems when delivering software or technical services to production use by customers or other users. Quality assurance or QA refers to tasks conducted to identify, assess, and remediate code quality issues and code security issues as well as other issues in source code.

As used herein, the term “code region” refers to any identifiable division, region, sub-division, or sub-region of mainframe codebases. As described herein, mainframe codebases such as COBOL codebases are structured to use organizational sections, divisions, and regions to divide or sub-divide the codebases. For example, a COBOL program is split into four code divisions (or code regions) in the following order: an identification division, an environment division, a data division, and a procedure division. The identification division specifies the name and type of the source element and is where classes and interfaces are specified. The environment division specifies any program features that depend on the system running it. These may include files and character sets. The data division is used to declare variables and parameters. The procedure division contains the program's statements. Each division is sub-divided into sections, which are made up of paragraphs. Generally, a mainframe codebase utilizes defined headers, structures, and other syntactical elements to define each code region. For example, in COBOL, such code regions typically have defined headers for distinguishing divisions, sections, paragraphs, and data divisions.

As used herein, the term “code element” refers to a section of mainframe codebase and specifically to an element or component of the codebase. Mainframe codebases, such as COBOL, are hierarchical in structure and include elements with respective subordinate elements. For example, in COBOL, the hierarchical levels are the following, in descending order (from most general to most specific): (1) program, (2) division, (3) section, (4) paragraph, (5) sentence, and (6) statement. A program is the “highest” hierarchical level in a mainframe codebase and includes a collection of code that is decipherable by a COBOL interpreter.

As used herein, a “division” is a block of code, usually containing one or more sections, that starts where the division name is encountered and ends with the beginning of the next division or with the end of the program text. As used herein, a “section” is a block of code usually containing one or more paragraphs. A section begins with the section name and ends where the next section name is encountered or where the program text ends. Section names are devised by the programmer, or defined by the language. A section name is typically followed by the word “SECTION” and a period (“.”).

As used herein, a “paragraph” is a block of code made up of one or more sentences. A paragraph begins with the paragraph name and ends with the next paragraph or section name or the end of the program text. A paragraph name is devised by the programmer or defined by the language, and is followed by a period. As used herein, a “sentence” typically includes one or more statements and is terminated by a period.

As used herein, a “statement” includes a mainframe operation (e.g., a COBOL verb) and an operand or operands.
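The region boundaries defined above (a division, section, or paragraph runs from its header to the next header of the same or a higher level, or to the end of the program text) can be recovered mechanically from fixed-format source. The following is an added example, not code from the disclosure: the sample program, the `Region` type, and the rule that paragraph names are recognized only inside the procedure division are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed fixed-format COBOL sample (columns 1-6 sequence area, column 7
# indicator, Area A starting at column 8). Not taken from the disclosure.
SAMPLE = """\
000100 IDENTIFICATION DIVISION.
000200 PROGRAM-ID. CLAIMCNT.
000300 ENVIRONMENT DIVISION.
000400 DATA DIVISION.
000500 WORKING-STORAGE SECTION.
000600 01  WS-COUNT        PIC 9(4) VALUE 0.
000700* comment line: PROCEDURE DIVISION. must be ignored
000800 PROCEDURE DIVISION.
000900 MAIN-LOGIC SECTION.
001000 START-UP.
001100     ADD 1 TO WS-COUNT.
001200     PERFORM WRAP-UP.
001300 WRAP-UP.
001400     DISPLAY WS-COUNT.
001500     STOP RUN.
"""

LEVEL = {"division": 0, "section": 1, "paragraph": 2}
DIVISION_RE = re.compile(r"^([A-Z]+)\s+DIVISION\b", re.I)
SECTION_RE = re.compile(r"^([A-Z0-9-]+)\s+SECTION\s*\.", re.I)
PARAGRAPH_RE = re.compile(r"^([A-Z0-9-]+)\s*\.\s*$", re.I)


@dataclass
class Region:                 # hypothetical record for one code region
    kind: str                 # "division", "section" or "paragraph"
    name: str
    path: str                 # e.g. "PROCEDURE/MAIN-LOGIC/START-UP"
    start: int                # 1-based line of the header
    end: int = 0              # last line belonging to the region


def classify(text, in_procedure):
    """Return (kind, name) if an Area A line is a region header, else None."""
    m = DIVISION_RE.match(text)
    if m:
        return "division", m.group(1).upper()
    m = SECTION_RE.match(text)
    if m:
        return "section", m.group(1).upper()
    # Assumption: only the procedure division holds programmer paragraphs;
    # entries such as "PROGRAM-ID. X." are left inside their division.
    if in_procedure:
        m = PARAGRAPH_RE.match(text)
        if m:
            return "paragraph", m.group(1).upper()
    return None


def parse_regions(source):
    """Split fixed-format COBOL text into nested regions with line ranges."""
    regions, open_stack = [], []
    lines = source.splitlines()
    for lineno, raw in enumerate(lines, start=1):
        if len(raw) < 8 or raw[6] in "*/":      # short line or comment line
            continue
        text = raw[7:72].rstrip()               # columns 8-72
        indent = len(text) - len(text.lstrip())
        if not text.strip() or indent >= 4:     # Area B: statements, not headers
            continue
        in_procedure = (bool(open_stack)
                        and open_stack[0].kind == "division"
                        and open_stack[0].name == "PROCEDURE")
        hit = classify(text.strip(), in_procedure)
        if hit is None:
            continue
        kind, name = hit
        # A new header closes every open region at the same or a deeper level.
        while open_stack and LEVEL[open_stack[-1].kind] >= LEVEL[kind]:
            open_stack.pop().end = lineno - 1
        path = "/".join([r.name for r in open_stack] + [name])
        region = Region(kind, name, path, lineno)
        regions.append(region)
        open_stack.append(region)
    for region in open_stack:                   # end of program text
        region.end = len(lines)
    return regions


if __name__ == "__main__":
    for r in parse_regions(SAMPLE):
        print(f"{r.kind:<9} {r.path:<32} lines {r.start}-{r.end}")
```

The `path` value is the kind of source-region key that could be used to route each element to a branch repository; free-format source and copybook expansion are outside what this block handles.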

In view of known problems associated with providing stable deployments to mainframes, systems and methods are described herein that can ensure that code is provided and deployed to mainframes in a self-correcting manner.

Further, in view of known problems associated with mainframe codebase security and maintenance, systems and methods are described herein that ensure that mainframe code is maintained and tested and that risks are mitigated.

Specifically, known mainframe codebases have significant drawbacks in terms of maintenance, code quality, and security. Because of the historic approaches taken in developing for mainframes, such mainframe codebases cannot leverage modern software development tools and systems. For example, modern software development and the tools used to support such development depend on fundamental concepts including (a) code branching, (b) code ownership, and (c) code versioning or code dating. In order to test, QA, and maintain code, such concepts are required in order to (a) efficiently direct code issues to the appropriate owner and (b) ensure that QA efforts are directed to the appropriate branch of code.

The implications of these problems are that mainframe codebases are at great risk of being poorly maintained, tested, and secured, and are not available to the QA tools of enterprise development teams. Thus, mainframe systems which run such mainframe codebases are at risk of run-time errors, faults, system downtime, and even obsolescence. Because of the significant importance of mainframe systems (which often run business critical software), the ramifications of such problems may extend throughout entire datacenters or computing environments and may, therefore, pose risk of errors or downtime at a system-wide level. The systems and methods disclosed herein provide a technological solution to such technical problems by providing maintenance and security solutions for mainframe codebases. In one example, the systems and methods may be used on common business-oriented language (“COBOL”) codebases. In another, the systems and methods may be used on job control language (“JCL”) codebases.

The systems and methods disclosed provide a comprehensive mechanism for software deployment from the beginning of a software lifecycle through deployment. By screening software packages through each phase of the lifecycle, the systems ensure that the end-delivered software packages will only be deployed if this can be done stably, and within tolerable performance parameters for the mainframe environment.

The systems and methods are performed by a mainframe deployment device. In the example embodiment, the device is configured to be in communication with a software management service, a dispatcher service, at least one testing service, at least one messaging service, and a mainframe device. In the example embodiment, the mainframe deployment device includes a processor and a memory device.

The mainframe deployment device is configured to (i) receive a code section, wherein the code section includes a status identifier, (ii) upon determining that the status identifier is complete, process the code section to identify a set of valid sub-components from the code section, (iii) upon determining that the identified set of valid sub-components are capable of creating a build, identify a set of elements in the code section identified for deployment, (iv) upon determining that the set of elements in the code section are deployable, perform at least one set of code diagnostics to determine whether the code section satisfies build requirements, (v) upon determining that the at least one set of code diagnostics satisfies a diagnostic goal for mainframe stability, attempt to create a deployment package from the code section, (vi) upon successfully creating the deployment package, identify a production program running on the mainframe device, (vii) compare the production program to the deployment package to identify a set of synchronization errors, (viii) resolve the set of synchronization errors, and (ix) deploy the deployment package to the mainframe device.

Further, the mainframe deployment system is configured to execute a series of processes that collectively facilitate the stable and reliable deployment of code to the mainframe. In particular, the processes include (a) a dispatcher process, (b) a pre-deployment validation process, (c) a code analysis process, (d) a pre-deployment test process, (e) a code coverage analysis process, (f) an approval process, (g) a build package creation process, (h) a package casting process, (i) a package execution process, and (j) a post-deployment test process.

The mainframe deployment device is configured to receive a code section that includes a status identifier from the software management device. The mainframe deployment device determines whether the status identifier reflects that the code section is identified as complete, and if so, identifies a set of valid sub-components from the code section using the dispatcher service. The dispatcher service initiates the dispatcher process and, in so doing, receives a web hook, parses the web hook, and loads a configuration based on the parsed web hook. The dispatcher service continues the dispatcher process by confirming whether a configuration loaded. If the configuration does not load, the build fails. If the configuration loads, the dispatcher service determines whether the code section has valid sub-components. If the dispatcher service determines that the code section does not have valid sub-components, the dispatcher service updates the software management device to reflect the fact that the code section does not have valid sub-components, and the build is marked as unstable. If the dispatcher service determines that the code section has valid sub-components, the dispatcher service generates job parameters, and attempts to execute the job. If the dispatcher service can locate the job and execute it, the build succeeds through this stage. If the dispatcher service cannot locate the job and execute it, the build fails.

The mainframe deployment device is also configured to identify a set of elements in the code section identified for deployment, upon determining that the identified set of valid sub-components are capable of creating a build. In so doing, the mainframe deployment device performs a pre-deployment validation process. The mainframe deployment device loads a build configuration, updates the software management device to reflect the build configuration loading, and verifies that at least one requested element exists in the source region. More specifically, the mainframe deployment device determines whether one of the elements indicated in the build configuration exists in the source region. If no elements exist, the mainframe deployment device determines that deployment is not possible and the build fails. If the mainframe deployment device determines that at least one requested element exists in the source region, the mainframe deployment device determines whether all elements can be deployed. If all elements can be deployed, the mainframe deployment device proceeds. If some of the elements cannot be deployed, the mainframe deployment device issues a warning (such as a missing elements warning), updates the software management device to reflect the warning, and proceeds.

The mainframe deployment device is also configured to perform a code analysis process. The mainframe deployment device receives proposed source code and analyzes the code for dependencies. In some examples, the mainframe deployment device determines whether it requires parsing information. In some examples parsing information may include data such as “copybooks” that are used to parse COBOL programs. The mainframe deployment device requests such parsing information, if required, and applies it. The mainframe deployment device runs a code quality scan to detect code quality issues including code smells, security vulnerabilities, and code bugs. In some examples, the mainframe deployment device uses an external code review system running code inspection programs to perform the code quality scan. The mainframe deployment device receives code quality results from the code quality scan and, if needed, updates the external code review system with the code quality results. The mainframe deployment device also provides the code quality results to an approver. In some examples, the approver is a programmatic function that determines whether the code quality results satisfy programmatic criteria. In other examples, the approver is a human reviewer. The mainframe deployment device receives a response regarding whether the code quality results meet a minimum code quality threshold. If the threshold is met, the build succeeds and the project continues. If the threshold is not met, the build fails.

The mainframe deployment device is also configured to request that the at least one testing service perform at least one set of code diagnostics to determine whether the code section satisfies build requirements. In some examples, the mainframe deployment device requests that the at least one testing service perform a pre-deployment test process. The testing service obtains a list of proposed tests to be run on the proposed code. The testing service also obtains testing configurations associated with the obtained list of proposed tests. The testing service calls a test manager and requests that the test manager perform each of the tests in the list of proposed tests, pursuant to the test configurations. The testing service waits for the test manager response and records the results for each test. Results for each test may be indicated based on the amount of successful behaviors or unsuccessful behaviors for each test. The testing service determines aggregate testing results and determines whether the aggregate testing goals are met. If all tests completed without errors, bugs, or exceptions, the pre-deployment test process concludes and the process proceeds. If some tests were completed with errors, bugs, or exceptions, but the aggregate testing goals are met, the testing service reports the errors and the process proceeds. If the aggregate testing goals are not met, the build fails.

The mainframe deployment device is also configured to perform a code coverage analysis process after the testing process. The mainframe deployment device determines whether code coverage data is available. Code coverage data may be obtained during the pre-deployment test process by determining the degree to which the source code was executed when the tests of the pre-deployment test process were run. If code coverage data is not available, the mainframe deployment device generates a warning and proceeds. If code coverage data is available, the mainframe deployment device obtains the code coverage data and determines whether a minimum code coverage goal is met by comparing the code coverage data to a minimum threshold for code coverage. If the minimum code coverage goal is met, the mainframe deployment device proceeds. If the minimum code coverage goal is not met, the mainframe deployment device generates a warning, and proceeds.

The mainframe deployment device is also configured to perform an approval process. The mainframe deployment device generates a build approval message to be provided to an approver. The mainframe deployment device determines whether at least one communication service is configured. In some instances, the communication service may be, for example, an instant messaging service for use in project management. In other instances, the communication service may be any other suitable electronic messaging service including, for example, e-mail. If the communication service is configured, the mainframe deployment device generates a request to be sent to the approver through the communications service (including, for example, e-mail or instant messaging). The mainframe deployment device waits for a response from the approver. The mainframe deployment device determines whether the response is an approval. If the response is an approval, the build succeeds through this phase and the mainframe deployment device proceeds. If the response is not an approval or if the response comes after a time-out, the build fails. As such, a build can only proceed if an approver approves of the build within the pre-determined time-out window.

The mainframe deployment device is also configured to perform a build package creation process. The mainframe deployment device generates a package instruction statement. As used herein, a package instruction statement is control information for a code release that may be used to generate a package. The mainframe deployment device may pre-process the package instruction statement prior to attempting to create a package based on it. For example, if the package instruction statement is associated with a particular requirement (e.g., COBOL 6 may require a processor group), the package instruction statement is adjusted to address such a requirement. The mainframe deployment device attempts to create a package based on the package instruction statement. If the mainframe deployment device successfully creates the package, the build succeeds through this stage and the mainframe deployment device proceeds. If the mainframe deployment device fails to create the package, the build fails and the mainframe deployment device sends a failure alert.

The mainframe deployment device is also configured to perform a package casting process. The mainframe deployment device sends a cast request and determines whether the casting succeeded. If the casting succeeded, the mainframe deployment device proceeds and the build continues through this stage. If the casting fails, the mainframe deployment device determines whether the casting resulted in synchronization errors. If the casting failed and there were no synchronization errors, the mainframe deployment device determines that there was a failure, sends a failure alert, and the build fails. If the casting failed and there were synchronization errors, the mainframe deployment device sends an error alert message to an approver and waits for input approving the build over the synchronization failures. If the mainframe deployment device fails to receive a response to the input within a time-out window or if the input received is a rejection of approval, the mainframe deployment device determines that there was a failure, sends a failure alert, and the build fails. If the mainframe deployment device receives an approval response to the input within the time-out window, the package instruction statement is updated to reflect the approval and the mainframe deployment device sends a cast request. If the casting succeeded, the mainframe deployment device proceeds and the build continues through this stage. If the casting fails, the mainframe deployment device determines that there was a failure, sends a failure alert, and the build fails.

The mainframe deployment device is also configured to perform a package execution process. The mainframe deployment device determines whether approval is required prior to deployment. If the mainframe deployment device determines that approval is required, the mainframe deployment device sends a request for approval and determines whether approval was received. If approval is not successfully received, the mainframe deployment device determines that authentication failed and re-requests credentials for approval. If the mainframe deployment device determines that approval was received, or that approval was not required, the mainframe deployment device determines whether sweep approval is required. If sweep approval is required, the mainframe deployment device sends a request for sweep approval and determines whether sweep approval was received. After sweep approval is received (or if it is not required), the mainframe deployment device executes the package and determines whether it was successful. If the package execution was not successful, the build fails. If the package execution was successful, the mainframe deployment device determines whether the package execution resulted in exceptions. If the mainframe deployment device determines the package execution did not create exceptions, the mainframe deployment device proceeds. If the mainframe deployment device determines the package execution created exceptions, the mainframe deployment device generates a warning and proceeds.

The mainframe deployment device is also configured to request that the testing service perform a post-deployment test process. The testing service obtains a list of proposed tests to be run on the deployed code. The testing service also obtains testing configurations associated with the obtained list of proposed tests. The testing service calls a test manager and requests that the test manager perform each of the tests in the list of proposed tests, pursuant to the test configurations. The testing service waits for the test manager response and records the results for each test. Results for each test may be indicated based on the amount of successful behaviors or unsuccessful behaviors for each test. The testing service determines aggregate testing results and determines whether the aggregate testing goals are met. If all tests completed without errors, bugs, or exceptions, the post-deployment test process concludes. If some tests were completed with errors, bugs, or exceptions, but the aggregate testing goals are met, the testing service reports the errors and the process proceeds. If the aggregate testing goals are not met, the deployed build is marked as failing.

In another embodiment, the mainframe deployment device and mainframe device are incorporated into a quality assurance system that is used to ensure mainframe codebase maintenance, quality assurance, and security risk mitigation. The quality assurance system provides two primary benefits—enhanced mainframe codebase quality assurance and identification of sensitive information in mainframe codebases.

Regarding mainframe codebase quality assurance, the benefits may be described as follows. Generally, code review occurs late in the software development process. If and when issues are found late in the process, business requirements may drive development teams to ship a product with bugs or errors. Second, it is often difficult or impossible to identify an owner (i.e., a person or team responsible for a particular section of codebase). In some examples, the owner may be the author of the codebase or section of codebase. In other examples, the owner may be a group of authors of the codebase or section of codebase. In additional examples, the owner may be any individual(s) assigned responsibility to the codebase or section of codebase, including when the author is unavailable. This problem is compounded in mainframe codebases because mainframe codebases do not require user-specific check-ins that may allow for identification of users. Third, given the scope and size of codebases (and particularly mainframe codebases), it is difficult or impossible for human developers to truly review codebases or changes to codebases. As a result, code reviews of mainframe codebases often become “rubber stamps” where a codebase is approved for shipment without sufficient analysis or investigation. This is further compounded by inconsistent criteria to review codebases. By necessity, the codebase sections that are changed most often are often the most difficult to maintain or to QA. Fourth, and crucially, the design of mainframe codebases makes it difficult or impossible to address these underlying concerns because (a) it is difficult to identify owners of code sections, (b) version control and management is obscured because it is difficult to identify the most current elements of a particular section of the codebase, and (c) code branching is not natively supported.

The quality assurance system provided addresses these problems and allows developers to create a code review process that (a) prioritizes review of new code and/or changed code; (b) delegates/assigns and controls ownership of QA and code maintenance; (c) applies consistent rules across sub-projects, projects, and development teams; and (d) allows for code maintenance for the most changed code.

As used herein, mainframe codebases may include “projects” representing codebases for a particular mainframe. A “project” is a discrete part of a mainframe codebase that is aligned with a subsystem or subsystems (e.g., POS-POS) of a mainframe environment and typically provides a discrete function or set of functions. As used herein, a “quality profile” is a set of rules, conditions, or metrics that are used to evaluate a mainframe codebase during testing, QA, and/or maintenance. As used herein, a “code issue” or an “issue” is an indication that a given code element (or another code hierarchical level) has failed to meet a quality profile or a part of a quality profile. As used herein, a “quality gate” is a set of thresholds or rules that may be used to determine whether a code element, codebase, or section of a codebase meets QA or maintenance goals and may be considered for production or promoted in a codebase lifecycle. As used herein, an “application” is a group of one or more projects that may be evaluated together by a quality gate. As used herein, “rules” are used to analyze a codebase (using, e.g., a code quality scan or a code security scan) to identify issues in a code element, a section of a codebase, or a codebase. In general, rules have detailed descriptions including profiles for compliant code (i.e., code that passes each rule) and non-compliant code (i.e., code that fails each rule).

In another example embodiment, a quality assurance system is provided for maintenance and security of mainframe codebases. The quality assurance system includes a mainframe device that includes a mainframe processor and a mainframe memory. The mainframe memory includes a mainframe codebase. As used herein, a “mainframe codebase” may be any body of software code that may run on a mainframe server including, for example, COBOL, JCL, Assembly, or Rexx. The quality assurance system also includes the mainframe deployment device including a processor and a memory device. In the example embodiment, the mainframe deployment device is in communication with the mainframe device via any suitable protocol.

The processor is configured to import the mainframe codebase from the mainframe device, wherein the mainframe codebase includes at least one code region including at least one code element. In one example, the processor imports (or downloads) the mainframe codebase for each subsystem of the mainframe device.

The processor is also configured to identify the at least one code region of the mainframe codebase. The processor may further perform an initialization step whereby the processor checks to see if a branch repository exists for each of the subsystems. As described herein, each branch repository corresponds to a code region from the mainframe codebase. Thus, in operation a branch repository may actively be utilized for code quality maintenance, QA, testing, security, or debugging for a corresponding code region of the mainframe codebase. If the corresponding branch repository does not exist, the processor may obtain an empty list of branches for initialization. If the corresponding branch repository exists, the processor downloads corresponding code elements and updates the corresponding branches if and when updates have been determined. Thus, the processor is additionally configured to initialize a branch repository corresponding to at least one identified code region.

The processor is also configured to query the imported mainframe codebase to identify, for the code elements, a user identifier indicating an owner of the respective code element and a source region representing the code region of the respective code element. Specifically, the processor is configured to parse or otherwise query the code elements to identify user identifiers from the code elements based, for example, on code comments, code records, or structured tables linking code regions to user identifiers. The processor is configured to parse or otherwise identify the code region based on the syntactical information of the mainframe codebase.

In one example, the processor is also configured to generate, for each of the respective branch repositories, a list of element details including a code element identifier distinctly identifying the respective code element, the user identifier for the respective code element, and the source region for the respective code element. In such examples, the list of element details may be used by the processor to facilitate the code quality scans and code security scans, and to assign resulting code security issues and code quality issues to the appropriate user(s), as described below. Specifically, the processor is configured to query the appropriate system (e.g., Endevor) for a list of all mainframe codebase elements (e.g., COBOL elements) for a particular code region (or associated branch repository) and initialize an associated list of element details (or download list). In one example, the list includes a listing for each code element, each user (or user identifier), and a timestamp (for last update). The list of element details thus reflects at least one record for each code element and, in many cases, may provide a functional “change log” or “version control record” indicating the changes to code elements over time, by user, and indicating the time of such changes.

The processor may iteratively query through each code region and identify additional code elements as the mainframe codebase is updated. After the processor identifies each new code element, the processor is configured to add the newly identified code elements to the respective branch repository. In some examples, the processor determines whether the newly identified code element(s) have timestamp(s) that are more recent than the most recent timestamp in the branch repository for the corresponding code element(s) and adds only the newly identified list entries having a more recent timestamp than the corresponding code elements of the branch repository. In such an example, the quality assurance system (and the processor) effectively reduce the complexity of code review and analysis by including only the most recent updates of the code elements. (Thus, in such examples, intermediate code element entries may be “skipped over” for efficiency.)

In at least some examples, the processor is configured to query the imported mainframe codebase to identify a timestamp indicating a creation time of the respective code element. In such examples, the processor is configured to generate, for the respective branch repositories, the list of element details including the timestamp of the respective code element. The processor may also be configured to sort the list of element details based, at least partially, on the respective identified timestamps. In some such examples, the processor may further be configured to submit at least one code element having an identified code quality issue to a user based at least partially on the respective identified timestamp. In other words, the processor may identify only the instances of a code element having code quality issues with the most recent timestamp to be submitted, thereby ensuring that revisions are made only to appropriate (i.e., current) code element versions.

In some examples, the processor sorts the list of element details (or download list) by the user last responsible for updating that code element. In other examples, the processor sorts the list of element details by timestamp. In such examples, the processor may be configured to generate a map of elements by user identifier (last responsible for updating the code element). The processor may use such a map of code elements to obtain all code elements for a particular user and assign or delegate those code elements to a particular user. In at least some examples, the processor also receives updates to code elements from users (assigned, in some examples, based on the map) and uses the updates to update the mainframe codebase.

The processor is also configured to populate the branch repositories with the code elements based on the respective source region. In other words, each corresponding branch repository associated with a mainframe code region is populated to have code elements from that respective mainframe code region. In at least some examples, each corresponding branch repository includes code elements from the most recent updates (based on timestamps) of the code region. In other examples, each branch repository may be completely populated.
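The list of element details, the timestamp filter, the map of elements by user identifier, and the routing of issues to the current owner can be sketched together as follows. This is an added illustration, not code from the disclosure or from any product it names; the class names, function names, user identifiers, element names, and timestamps are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class ElementDetail:
    element_id: str       # distinctly identifies the code element
    user_id: str          # user last responsible for updating it
    source_region: str    # code region, one branch repository per region
    updated: datetime     # timestamp of that update


@dataclass(frozen=True)
class Issue:
    element_id: str
    source_region: str
    scanned_version: datetime  # timestamp of the element version the scan ran on
    rule: str
    severity: str


def merge_latest(repos, listing):
    """Add listing entries to the per-region branch repos, newest version only.

    Intermediate versions in the listing are skipped; an entry is stored only
    if it is newer than what the branch repository already holds.
    """
    newest = {}
    for entry in listing:
        key = (entry.source_region, entry.element_id)
        if key not in newest or entry.updated > newest[key].updated:
            newest[key] = entry
    added = []
    for (region, element_id), entry in newest.items():
        branch = repos.setdefault(region, {})  # initialize the branch repo if absent
        current = branch.get(element_id)
        if current is None or entry.updated > current.updated:
            branch[element_id] = entry
            added.append(entry)
    return sorted(added, key=lambda e: e.updated)


def owner_map(repos):
    """Map user identifier -> that user's current elements, most recent first."""
    owners = defaultdict(list)
    for branch in repos.values():
        for entry in branch.values():
            owners[entry.user_id].append(entry)
    return {u: sorted(es, key=lambda e: e.updated, reverse=True)
            for u, es in owners.items()}


def route_issues(repos, issues):
    """Assign each issue to the owner of the element's current version.

    Issues raised against a superseded version, or against an element the
    branch repository does not hold, are not submitted to anyone.
    """
    routed = defaultdict(list)
    for issue in issues:
        current = repos.get(issue.source_region, {}).get(issue.element_id)
        if current is not None and current.updated == issue.scanned_version:
            routed[current.user_id].append(issue)
    return dict(routed)


def ts(text):
    return datetime.fromisoformat(text)


# Constructed sample listing: PAYCALC changed three times in region PROD.
LISTING = [
    ElementDetail("PAYCALC", "U1001", "PROD", ts("2021-03-01T09:00:00")),
    ElementDetail("PAYCALC", "U1002", "PROD", ts("2021-03-04T14:30:00")),
    ElementDetail("PAYCALC", "U1001", "PROD", ts("2021-03-09T11:15:00")),
    ElementDetail("TAXRPT", "U1002", "PROD", ts("2021-02-20T08:00:00")),
    ElementDetail("PAYCALC", "U1003", "QA", ts("2021-03-10T10:00:00")),
]

if __name__ == "__main__":
    repos = {}
    for entry in merge_latest(repos, LISTING):
        print(entry.source_region, entry.element_id, entry.user_id, entry.updated)
```

Because ownership here is inferred from the last update, an issue introduced by an earlier author is routed to whoever touched the element most recently.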

The processor is further configured to apply a code quality scan to the populated branch repositories to identify a code quality issue in the respective code elements. In an example embodiment, the identified code quality issues include at least one of code smells, security vulnerabilities, code bugs, and sensitive information. In at least some examples, the processor is also configured to perform a code security scan. Specifically, the processor may be configured to apply a code security scan to the populated branch repositories to identify a security issue in the respective code elements. In some such examples, the processor may also resolve the identified security issue in the respective code element by altering the respective code element. Such alteration may occur by deleting, obscuring, distorting, or otherwise rendering unavailable the sensitive information or other information represented in the security issue.

In the example embodiment, there are at least four types of rules applied by a code quality scan (or an equivalent service): (a) a code smell; (b) a code bug; (c) a code vulnerability; and (d) a code hot spot. A code smell may be described as a poor software development practice that may pose maintenance issues. Code smells may be identified based on a pattern, format, logical approach, or a failure to conform to a pattern, format, or logical approach. In many examples, code smells therefore are associated with code smell patterns that positively define patterns for code smells or negatively define patterns that do not present code smells. A bug may be defined as a poor coding practice or defect that may lead to code reliability or performance issues. Like code smells, a code bug may be identified based on a pattern, format, logical approach, or a failure to conform to a pattern, format, or logical approach. In many examples, code bugs therefore are associated with code bug patterns that positively define patterns for code bugs or negatively define patterns that do not present code bugs. A vulnerability may be defined as a poor coding practice that can result in a security issue because the code may allow an application to be improperly exploitable by third-parties. In many examples, vulnerabilities are identified based on inspection of code elements or codebases to determine whether a third-party device may be able to improperly access an application or data associated with the codebase. A security hot spot may be defined as code elements, sections of codebase, or codebase that pose security concerns by exposing sensitive information or allowing intrusion. The code quality scan may also be substantially integrated with the code security scan so that each can provide overlapping services. Thus, the code quality scan may also identify the presence of sensitive information.

The code quality scan and code security scan are also configured to identify a severity associated with any code quality issues (e.g., smells, bugs, vulnerabilities, and security hotspots) or code security issues (e.g., presence of sensitive information including access tokens, secrets, passwords, keys, login credentials, Java KeyStore files, and credentialing certificates). In one example, the severity of the code quality scan may be indicated by the following levels: (a) blocker, (b) critical, (c) major, and (d) minor. A blocker code issue may be described as a code quality defect that is highly likely (i.e., exceeding a minimum confidence interval for high likelihood) to cause significant adverse impact when the codebase is in production. A critical code issue may be described as a code quality defect that is likely (i.e., exceeding a minimum confidence interval for a medium likelihood) to cause significant adverse impact when the codebase is in production. A major code issue is a code quality defect that is highly likely (i.e., exceeding a minimum confidence interval for high likelihood) to cause minor adverse impact when the codebase is in production. A minor code issue is a code quality defect that is likely (i.e., exceeding a minimum confidence interval for a medium likelihood) to cause a minor adverse impact when the codebase is in production.

Likewise, the code security scan may be configured to indicate the type and severity of a code security issue. The type of code security issues may indicate one or more of the following types: presence of sensitive information including access tokens, secrets, passwords, keys, login credentials, Java KeyStore files, and credentialing certificates. In some examples, the code security scan searches for true positive references using suitable regular expressions. For example, the code security scan may search for passwords, user identifiers, and credentials using a regular expression on codebase that is commented out with patterns including, for example, “password”, “pwd”, “credential”, “secret”, “key”, or plurals thereof. In another example, the code security scan may search for statements such as “logon”, “login”, “login statement”, or “auth” with two parameters that may suggest the presence of a user name and a password. The code security scan may therefore search for network credentials including LAN credentials, strings with user credentials, paired login expressions (e.g., pairs of usernames and parameters with corresponding labels such as “password” and “username” or “my user” and “my_pass” or “pass” and “user” or “pwd” and “name”). In other examples, the code security scan may search using regular expressions specific to particular network security protocols. As such, the code security scan may function in similar manners for codebases including code for COBOL, JavaScript, Visual Basic, ASP, C, C#, batch code, CMD, Java, manifest files, property files, control cards or punch cards, and log files. For example, the code security scan may scan for passwords and/or secrets in Java code by searching files with extensions including *.java, *.sh, *.ksh, *.jsp, *.py, *.asp, *.cs, *.properties, and *.yml and identify credentials with regular expressions including “password”. When a regular expression matches, the code security scan is configured to capture associated text proximate to the matched pattern as possible sensitive information. In some examples, the code security scan may also score any matches for severity of a security risk by identifying a likelihood that the sensitive information is: (a) low risk, (b) medium risk, or (c) high risk. The severity may be determined based on the location of the source codebase with potentially sensitive information, wherein the code security scan is configured to identify particular applications, projects, code regions, or other code elements that may be evaluated based on significance or exposure. The severity may also be determined based on a predicted likelihood of sensitive information based, for example, on a quality of match to a defined pattern.
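The three kinds of regular-expression check described above (keywords in commented-out code, logon-style statements with two parameters, and paired user/password labels), together with capture of nearby text and a low/medium/high score, can be sketched as follows. This is an added illustration, not code from the disclosure; the rule names, the `REGION_EXPOSURE` table, the scoring formula, and the sample elements are constructed assumptions. Findings carry a redacted excerpt so the scan report does not itself hold the captured value.

```python
import os
import re
from dataclasses import dataclass

NOT_AFTER_LETTER = r"(?<![A-Za-z])"
# Keywords the text lists, plus plurals, not embedded in a longer word.
KEYWORD = re.compile(
    NOT_AFTER_LETTER + r"(?:password|pwd|credential|secret|key)s?(?![A-Za-z])", re.I)
# Text proximate to the keyword: a quoted literal, or a token after '=' or ':'.
VALUE = re.compile(r"""['"]([^'"]{4,})['"]|[:=]\s*([^\s'";,]{4,})""")
# logon/login/auth-style call with exactly two parameters.
LOGIN_CALL = re.compile(
    r"\b(?:logon|login|auth)\w*\s*\(\s*([^,()]+?)\s*,\s*([^,()]+?)\s*\)", re.I)
# Paired labels on one line.
USER_LABEL = re.compile(NOT_AFTER_LETTER + r"(?:user(?:name)?|my_user|name)\s*[:=]", re.I)
PASS_LABEL = re.compile(
    NOT_AFTER_LETTER + r"(?:pass(?:word)?|my_pass|pwd)\s*[:=]\s*([^\s;,]+)", re.I)

# Assumption: regions weighted by exposure; the names are hypothetical.
REGION_EXPOSURE = {"PROD": 1}


@dataclass
class Finding:
    path: str
    line_no: int
    rule: str
    severity: str
    excerpt: str  # matched line with the captured value masked


def is_comment(line, ext):
    if ext in (".cbl", ".cob", ".cpy"):
        # Fixed-format COBOL: the indicator area is column 7.
        return len(line) > 6 and line[6] in "*/"
    if ext == ".jcl":
        return line.startswith("//*")
    return line.lstrip().startswith(("#", "//", "--", "/*", "*", "REM "))


def severity(quality, region):
    # quality: 1 = keyword only, 2 = a value was captured next to it.
    score = quality + REGION_EXPOSURE.get(region.upper(), 0)
    return {1: "low", 2: "medium"}.get(score, "high")


def redact(line, span):
    if span is None:
        return line.strip()
    start, end = span
    return (line[:start] + "****" + line[end:]).strip()


def scan_element(path, region, text):
    ext = os.path.splitext(path)[1].lower()
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        hits = []  # (rule, match quality, span of captured value or None)
        call = LOGIN_CALL.search(line)
        if call:
            hits.append(("login-two-params", 2, call.span(2)))
        pw = PASS_LABEL.search(line)
        if pw and USER_LABEL.search(line):
            hits.append(("paired-labels", 2, pw.span(1)))
        if is_comment(line, ext) and KEYWORD.search(line):
            val = VALUE.search(line)
            if val:
                hits.append(("commented-keyword", 2, val.span(val.lastindex)))
            else:
                hits.append(("commented-keyword", 1, None))
        if hits:
            rule, quality, span = max(hits, key=lambda h: h[1])
            findings.append(Finding(path, line_no, rule,
                                    severity(quality, region), redact(line, span)))
    return findings


# Constructed sample elements: (path, region, text). All values are made up.
SAMPLE = [
    ("PAYROLL.cbl", "PROD",
     "000100*    MOVE 'Tr0ub4dor' TO WS-DB-PASSWORD.\n"
     "000200     MOVE WS-INPUT TO WS-DB-PASSWORD.\n"),
    ("Batch.java", "QA",
     "// connect to the nightly extract\n"
     'conn = db.login("svc_batch", "Summer2019!");\n'),
    ("batch.properties", "DEV", "username=batchsvc;password=hunter22\n"),
    ("cleanup.sh", "DEV", "# TODO rotate the API key\n"),
]

if __name__ == "__main__":
    for path, region, text in SAMPLE:
        for f in scan_element(path, region, text):
            print(f.severity.upper(), f.path, f.line_no, f.rule, f.excerpt)
```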

In other examples, the code quality scan may be configured to provide statistics on code quality including (a) total numbers of code smells, (b) total numbers of code bugs, (c) total numbers of vulnerabilities, (d) total numbers of security hotspots, (e) estimated technical debt indicating the estimated effort to fix the code quality issues, (f) a maintainability rating for the codebase or particular code elements, and (g) a reliability rating for the codebase or particular code elements. In one example, the maintainability rating is a rating of the estimated remediation costs for resolving the code quality issue(s) as compared to the estimated cost of the development of the application. As such the maintainability rating may identify projects or applications that cost improperly high amounts to maintain. In one example, a high rating is at or below 5% (indicating the cost of maintenance is at or below 5% of the total development cost) and a low rating is above 50% (indicating that the cost of maintenance is above 50% of the total development cost). Reliability ratings may be determined by counting the total number of code quality issues and identifying the total number of, for example, blocker bugs. In one example, one or more blocker bugs result in a low reliability rating.

The processor is also configured to submit at least one code element having an identified code quality issue to a user device associated with the respective user identifier to correct the code quality issues. As described above, the processor may use the map, the list, or a query of the branch repository to identify a user or user identifier associated with each code element having a code quality issue (or a code security issue). The processor may assign and route the code element(s) along with necessary information regarding the code quality issue or code security issue including (a) classifications of quality or security issue type; (b) severity information; and (c) instructions on how to remediate the quality or security issue based, for example, on patterns of code smells, code bugs, vulnerabilities, hotspots, or sensitive information.

The processor may also be configured to receive updates from each assigned user and thereby update the branch repository with a corrected or revised code element. The processor may also allow the management and approval of each correction by a user. In some examples, the processor may also interact with the mainframe codebase by uploading such corrections or revisions.

Generally, the systems and methods described herein are configured to perform at least the following steps: (a) receive a code section from the software management device, wherein the code section includes a status identifier, (b) upon determining that the status identifier is complete, identify a set of valid sub-components from the code section using a dispatcher service associated with the dispatcher device, (c) upon determining that the identified set of valid sub-components are capable of creating a build, identify a set of elements in the code section identified for deployment, (d) upon determining that the set of elements in the code section are deployable, request the at least one testing service to perform at least one set of code diagnostics to determine whether the code section satisfies build requirements, (e) upon determining that the at least one set of code diagnostics satisfies a diagnostic goal for mainframe stability, attempt to create a deployment package from the code section, (f) upon successfully creating the deployment package, identify a production program running on the mainframe device, (g) compare the production program to the deployment package to identify a set of synchronization errors, (h) resolve the set of synchronization errors, (i) deploy the deployment package to the mainframe device upon resolving the set of synchronization errors, (j) identify discrepancies between the deployment package and the production program, (k) upon determining that the discrepancies do not cause a failure, automatically resolve the set of synchronization errors and deploy the deployment package to the mainframe device, (l) identify discrepancies between the deployment package and the production program, (m) transmit a message to a system messaging device to request a synchronization resolution, (n) upon receipt of the synchronization resolution indicating that the discrepancies are resolvable, resolve the set of synchronization errors based on the synchronization resolution, (o) deploy the deployment package to the mainframe device, (p) perform a first code analysis of the code section to identify a code quality associated with the code section, (q) identify a predefined threshold for code quality, (r) upon determining that the code section exceeds the predefined threshold, deploy the deployment package to the mainframe device, (s) perform a first code coverage analysis of the code section to identify a code coverage score, (t) identify a predefined threshold for code coverage, (u) upon determining that the code section exceeds the predefined threshold, deploy the deployment package to the mainframe device, (v) transmit a message to a system messaging device to request an approval for deployment of the code section, (w) upon receiving the approval for deployment, deploy the deployment package to the mainframe, (x) upon deployment of the deployment package, request the at least one testing service to perform a set of post-deployment testing to obtain a post-deployment testing score, (y) identify a predefined threshold for the post-deployment testing score, and (z) upon determining that the post-deployment testing score exceeds the predefined threshold, identifying the deployment as stable.

In another example, the mainframe deployment device may be configured to maintain and secure mainframe codebases by performing at least the following steps: import the mainframe codebase from the mainframe device, wherein the mainframe codebase includes at least one code region including at least one code element; identify the at least one code region of the mainframe codebase; initialize a branch repository corresponding to at least one identified code region; query the imported mainframe codebase to identify, for the code elements, a user identifier indicating an owner of the respective code element and a source region representing the code region of the respective code element; populate the branch repositories with the code elements based on the respective source region; apply a code quality scan to the populated branch repositories to identify a code quality issue in the respective code elements; submit at least one code element having an identified code quality issue to a user device associated with the respective user identifier to correct the code quality issues; generate, for the respective branch repositories, a list of element details including a code element identifier distinctly identifying the respective code element, the user identifier for the respective code element, and the source region for the respective code element; query the imported mainframe codebase to identify a timestamp indicating a creation time of the respective code element; generate, for the respective branch repositories, the list of element details including the timestamp of the respective code element; sort the list of element details based, at least partially, on the respective identified timestamps; submit the at least one code element having an identified code quality issue based at least partially on the respective identified timestamp; apply a code quality scan to the populated branch repositories to identify the code quality issues in the respective code elements, wherein the identified code quality issues include at least one of code smells, security vulnerabilities, code bugs, and sensitive information; apply a code security scan to the populated branch repositories to identify a security issue in the respective code elements; and resolve the identified security issue in the respective code element by altering the respective code element.
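The import, branch population, scan and owner routing steps above can be sketched as follows. This is an added example, not code from the application: the record layout, the `branch/<region>` naming, the two regular expressions standing in for the "sensitive information" part of the scan, and the oldest-first ordering are all assumptions, and the sample elements are constructed.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Stand-in rules for the "sensitive information" category of the scan.
RULES = [
    ("hard-coded password literal in COBOL VALUE clause",
     re.compile(r"(?i)(?:PASSWORD|PASSWD|PWD)[\w-]*\s+PIC\s+\S+\s+VALUE\s+['\"][^'\"]+['\"]")),
    # JCL symbolic parameters (&NAME) are not literals, so they are skipped.
    ("clear-text password in JCL parameter",
     re.compile(r"(?i)\bPASSWORD=(?!&)[^\s,']+")),
]


@dataclass(frozen=True)
class CodeElement:
    element_id: str    # distinctly identifies the element
    owner: str         # user identifier of the element's owner
    region: str        # source region in the mainframe codebase
    created: datetime  # creation timestamp
    source: str


def populate_branches(elements):
    """One branch repository per identified code region."""
    branches = defaultdict(list)
    for el in elements:
        branches[f"branch/{el.region}"].append(el)
    return dict(branches)


def element_details(branch):
    """List of element details for one branch, sorted by timestamp."""
    return [
        {"element_id": el.element_id, "owner": el.owner,
         "region": el.region, "created": el.created.isoformat()}
        for el in sorted(branch, key=lambda el: el.created)
    ]


def scan(el):
    """Return (line number, rule label) for every rule hit in one element."""
    findings = []
    for lineno, line in enumerate(el.source.splitlines(), 1):
        for label, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, label))
    return findings


def route_findings(branches):
    """Queue findings per owner, oldest element first (assumed ordering)."""
    queue = defaultdict(list)
    everything = [el for branch in branches.values() for el in branch]
    for el in sorted(everything, key=lambda el: el.created):
        for lineno, label in scan(el):
            queue[el.owner].append((el.element_id, el.region, lineno, label))
    return dict(queue)


# Constructed sample of an imported codebase.
IMPORTED = [
    CodeElement("PAYCALC", "u1001", "PROD", datetime(2014, 3, 2),
                "       01 WS-CONN.\n"
                "          05 DB-USER     PIC X(8) VALUE 'PAYAPP'.\n"
                "          05 DB-PASSWORD PIC X(8) VALUE 'S3CRET01'.\n"),
    CodeElement("FTPJOB", "u2002", "PROD", datetime(2009, 7, 15),
                "//FTPJOB  JOB (ACCT),'NIGHTLY'\n"
                "//STEP1   EXEC PGM=FTPBATCH,PARM='USER=OPS1,PASSWORD=Winter2019'\n"),
    CodeElement("RPTGEN", "u1001", "TEST", datetime(2020, 1, 9),
                "//RPTGEN  JOB (ACCT)\n"
                "//STEP1   EXEC PGM=RPT,PARM='PASSWORD=&PWSYM'\n"),
]

if __name__ == "__main__":
    repos = populate_branches(IMPORTED)
    for name, branch in repos.items():
        print(name, element_details(branch))
    for owner, items in route_findings(repos).items():
        print(owner, items)
```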

FIG. 1 is a block diagram of an example implementation of a system 100 for a high-volume pharmacy. While the system 100 is generally described as being deployed in a high-volume pharmacy or a fulfillment center (for example, a mail order pharmacy, a direct delivery pharmacy, etc.), the system 100 and/or components of the system 100 may otherwise be deployed (for example, in a lower-volume pharmacy, etc.). A high-volume pharmacy may be a pharmacy that is capable of filling at least some prescriptions mechanically. The system 100 may include a benefit manager device 102 and a pharmacy device 106 in communication with each other directly and/or over a network 104.

The system 100 may also include one or more user device(s) 108. A user, such as a pharmacist, patient, data analyst, health plan administrator, etc., may access the benefit manager device 102 or the pharmacy device 106 using the user device 108. The user device 108 may be a desktop computer, a laptop computer, a tablet, a smartphone, etc.

The benefit manager device 102 is a device operated by an entity that is at least partially responsible for creation and/or management of the pharmacy or drug benefit. While the entity operating the benefit manager device 102 is typically a pharmacy benefit manager (PBM), other entities may operate the benefit manager device 102 on behalf of themselves or other entities (such as PBMs). For example, the benefit manager device 102 may be operated by a health plan, a retail pharmacy chain, a drug wholesaler, a data analytics or other type of software-related company, etc. In some implementations, a PBM that provides the pharmacy benefit may provide one or more additional benefits including a medical or health benefit, a dental benefit, a vision benefit, a wellness benefit, a radiology benefit, a pet care benefit, an insurance benefit, a long term care benefit, a nursing home benefit, etc. The PBM may, in addition to its PBM operations, operate one or more pharmacies. The pharmacies may be retail pharmacies, mail order pharmacies, etc.

Some of the operations of the PBM that operates the benefit manager device 102 may include the following activities and processes. A member (or a person on behalf of the member) of a pharmacy benefit plan may obtain a prescription drug at a retail pharmacy location (e.g., a location of a physical store) from a pharmacist or a pharmacist technician. The member may also obtain the prescription drug through mail order drug delivery from a mail order pharmacy location, such as the system 100. In some implementations, the member may obtain the prescription drug directly or indirectly through the use of a machine, such as a kiosk, a vending unit, a mobile electronic device, or a different type of mechanical device, electrical device, electronic communication device, and/or computing device. Such a machine may be filled with the prescription drug in prescription packaging, which may include multiple prescription components, by the system 100. The pharmacy benefit plan is administered by or through the benefit manager device 102.

The member may have a copayment for the prescription drug that reflects an amount of money that the member is responsible to pay the pharmacy for the prescription drug. The money paid by the member to the pharmacy may come from, as examples, personal funds of the member, a health savings account (HSA) of the member or the member's family, a health reimbursement arrangement (HRA) of the member or the member's family, or a flexible spending account (FSA) of the member or the member's family. In some instances, an employer of the member may directly or indirectly fund or reimburse the member for the copayments.

The amount of the copayment required by the member may vary across different pharmacy benefit plans having different plan sponsors or clients and/or for different prescription drugs. The member's copayment may be a flat copayment (in one example, $10), coinsurance (in one example, 10%), and/or a deductible (for example, responsibility for the first $500 of annual prescription drug expense, etc.) for certain prescription drugs, certain types and/or classes of prescription drugs, and/or all prescription drugs. The copayment may be stored in a storage device 110 or determined by the benefit manager device 102.

In some instances, the member may not pay the copayment or may only pay a portion of the copayment for the prescription drug. For example, if a usual and customary cost for a generic version of a prescription drug is $4, and the member's flat copayment is $20 for the prescription drug, the member may only need to pay $4 to receive the prescription drug. In another example involving a worker's compensation claim, no copayment may be due by the member for the prescription drug.

In addition, copayments may also vary based on different delivery channels for the prescription drug. For example, the copayment for receiving the prescription drug from a mail order pharmacy location may be less than the copayment for receiving the prescription drug from a retail pharmacy location.

In conjunction with receiving a copayment (if any) from the member and dispensing the prescription drug to the member, the pharmacy submits a claim to the PBM for the prescription drug. After receiving the claim, the PBM (such as by using the benefit manager device 102) may perform certain adjudication operations including verifying eligibility for the member, identifying/reviewing an applicable formulary for the member to determine any appropriate copayment, coinsurance, and deductible for the prescription drug, and performing a drug utilization review (DUR) for the member. Further, the PBM may provide a response to the pharmacy (for example, the pharmacy system 100) following performance of at least some of the aforementioned operations.

As part of the adjudication, a plan sponsor (or the PBM on behalf of the plan sponsor) ultimately reimburses the pharmacy for filling the prescription drug when the prescription drug was successfully adjudicated. The aforementioned adjudication operations generally occur before the copayment is received and the prescription drug is dispensed. However, in some instances, these operations may occur simultaneously, substantially simultaneously, or in a different order. In addition, more or fewer adjudication operations may be performed as at least part of the adjudication process.

The amount of reimbursement paid to the pharmacy by a plan sponsor and/or money paid by the member may be determined at least partially based on types of pharmacy networks in which the pharmacy is included. In some implementations, the amount may also be determined based on other factors. For example, if the member pays the pharmacy for the prescription drug without using the prescription or drug benefit provided by the PBM, the amount of money paid by the member may be higher than when the member uses the prescription or drug benefit. In some implementations, the amount of money received by the pharmacy for dispensing the prescription drug and for the prescription drug itself may be higher than when the member uses the prescription or drug benefit. Some or all of the foregoing operations may be performed by executing instructions stored in the benefit manager device 102 and/or an additional device.

Examples of the network 104 include a Global System for Mobile Communications (GSM) network, a code division multiple access (CDMA) network, 3rd Generation Partnership Project (3GPP), an Internet Protocol (IP) network, a Wireless Application Protocol (WAP) network, or an IEEE 802.11 standards network, as well as various combinations of the above networks. The network 104 may include an optical network. The network 104 may be a local area network or a global communication network, such as the Internet. In some implementations, the network 104 may include a network dedicated to prescription orders: a prescribing network such as the electronic prescribing network operated by Surescripts of Arlington, Va.

Moreover, although the system shows a single network 104, multiple networks can be used. The multiple networks may communicate in series and/or parallel with each other to link the devices 102-110.

The pharmacy device 106 may be a device associated with a retail pharmacy location (e.g., an exclusive pharmacy location, a grocery store with a retail pharmacy, or a general sales store with a retail pharmacy) or other type of pharmacy location at which a member attempts to obtain a prescription. The pharmacy may use the pharmacy device 106 to submit the claim to the PBM for adjudication.

Additionally, in some implementations, the pharmacy device 106 may enable information exchange between the pharmacy and the PBM. For example, this may allow the sharing of member information such as drug history that may allow the pharmacy to better service a member (for example, by providing more informed therapy consultation and drug interaction information). In some implementations, the benefit manager device 102 may track prescription drug fulfillment and/or other information for users that are not members, or have not identified themselves as members, at the time (or in conjunction with the time) in which they seek to have a prescription filled at a pharmacy.

The pharmacy device 106 may include a pharmacy fulfillment device 112, an order processing device 114, and a pharmacy management device 116 in communication with each other directly and/or over the network 104. The order processing device 114 may receive information regarding filling prescriptions and may direct an order component to one or more devices of the pharmacy fulfillment device 112 at a pharmacy. The pharmacy fulfillment device 112 may fulfill, dispense, aggregate, and/or pack the order components of the prescription drugs in accordance with one or more prescription orders directed by the order processing device 114.

In general, the order processing device 114 is a device located within or otherwise associated with the pharmacy to enable the pharmacy fulfillment device 112 to fulfill a prescription and dispense prescription drugs. In some implementations, the order processing device 114 may be an external order processing device separate from the pharmacy and in communication with other devices located within the pharmacy.

For example, the external order processing device may communicate with an internal pharmacy order processing device and/or other devices located within the system 100. In some implementations, the external order processing device may have limited functionality (e.g., as operated by a user requesting fulfillment of a prescription drug), while the internal pharmacy order processing device may have greater functionality (e.g., as operated by a pharmacist).

The order processing device 114 may track the prescription order as it is fulfilled by the pharmacy fulfillment device 112. The prescription order may include one or more prescription drugs to be filled by the pharmacy. The order processing device 114 may make pharmacy routing decisions and/or order consolidation decisions for the particular prescription order. The pharmacy routing decisions include what device(s) in the pharmacy are responsible for filling or otherwise handling certain portions of the prescription order. The order consolidation decisions include whether portions of one prescription order or multiple prescription orders should be shipped together for a user or a user family. The order processing device 114 may also track and/or schedule literature or paperwork associated with each prescription order or multiple prescription orders that are being shipped together. In some implementations, the order processing device 114 may operate in combination with the pharmacy management device 116.

The order processing device 114 may include circuitry, a processor, a memory to store data and instructions, and communication functionality. The order processing device 114 is dedicated to performing processes, methods, and/or instructions described in this application. Other types of electronic devices may also be used that are specifically configured to implement the processes, methods, and/or instructions described in further detail below.

In some implementations, at least some functionality of the order processing device 114 may be included in the pharmacy management device 116. The order processing device 114 may be in a client-server relationship with the pharmacy management device 116, in a peer-to-peer relationship with the pharmacy management device 116, or in a different type of relationship with the pharmacy management device 116. The order processing device 114 and/or the pharmacy management device 116 may communicate directly (for example, such as by using a local storage) and/or through the network 104 (such as by using a cloud storage configuration, software as a service, etc.) with the storage device 110.

The storage device 110 may include: non-transitory storage (for example, memory, hard disk, CD-ROM, etc.) in communication with the benefit manager device 102 and/or the pharmacy device 106 directly and/or over the network 104. The non-transitory storage may store order data 118, member data 120, claims data 122, drug data 124, prescription data 126, and/or plan sponsor data 128. Further, the system 100 may include additional devices, which may communicate with each other directly or over the network 104.

The order data 118 may be related to a prescription order. The order data may include type of the prescription drug (for example, drug name and strength) and quantity of the prescription drug. The order data 118 may also include data used for completion of the prescription, such as prescription materials. In general, prescription materials include an electronic copy of information regarding the prescription drug for inclusion with or otherwise in conjunction with the fulfilled prescription. The prescription materials may include electronic information regarding drug interaction warnings, recommended usage, possible side effects, expiration date, date of prescribing, etc. The order data 118 may be used by a high-volume fulfillment center to fulfill a pharmacy order.

In some implementations, the order data 118 includes verification information associated with fulfillment of the prescription in the pharmacy. For example, the order data 118 may include videos and/or images taken of (i) the prescription drug prior to dispensing, during dispensing, and/or after dispensing, (ii) the prescription container (for example, a prescription container and sealing lid, prescription packaging, etc.) used to contain the prescription drug prior to dispensing, during dispensing, and/or after dispensing, (iii) the packaging and/or packaging materials used to ship or otherwise deliver the prescription drug prior to dispensing, during dispensing, and/or after dispensing, and/or (iv) the fulfillment process within the pharmacy. Other types of verification information such as barcode data read from pallets, bins, trays, or carts used to transport prescriptions within the pharmacy may also be stored as order data 118.

The member data 120 includes information regarding the members associated with the PBM. The information stored as member data 120 may include personal information, personal health information, protected health information, etc. Examples of the member data 120 include name, address, telephone number, e-mail address, prescription drug history, etc. The member data 120 may include a plan sponsor identifier that identifies the plan sponsor associated with the member and/or a member identifier that identifies the member to the plan sponsor. The member data 120 may include a member identifier that identifies the plan sponsor associated with the user and/or a user identifier that identifies the user to the plan sponsor. The member data 120 may also include dispensation preferences such as type of label, type of cap, message preferences, language preferences, etc.

The member data 120 may be accessed by various devices in the pharmacy (for example, the high-volume fulfillment center, etc.) to obtain information used for fulfillment and shipping of prescription orders. In some implementations, an external order processing device operated by or on behalf of a member may have access to at least a portion of the member data 120 for review, verification, or other purposes.

In some implementations, the member data 120 may include information for persons who are users of the pharmacy but are not members in the pharmacy benefit plan being provided by the PBM. For example, these users may obtain drugs directly from the pharmacy, through a private label service offered by the pharmacy, the high-volume fulfillment center, or otherwise. In general, the terms “member” and “user” may be used interchangeably.

The claims data 122 includes information regarding pharmacy claims adjudicated by the PBM under a drug benefit program provided by the PBM for one or more plan sponsors. In general, the claims data 122 includes an identification of the client that sponsors the drug benefit program under which the claim is made, and/or the member that purchased the prescription drug giving rise to the claim, the prescription drug that was filled by the pharmacy (e.g., the national drug code number, etc.), the dispensing date, generic indicator, generic product identifier (GPI) number, medication class, the cost of the prescription drug provided under the drug benefit program, the copayment/coinsurance amount, rebate information, and/or member eligibility, etc. Additional information may be included.

In some implementations, other types of claims beyond prescription drug claims may be stored in the claims data 122. For example, medical claims, dental claims, wellness claims, or other types of health-care-related claims for members may be stored as a portion of the claims data 122.

In some implementations, the claims data 122 includes claims that identify the members with whom the claims are associated. Additionally or alternatively, the claims data 122 may include claims that have been de-identified (that is, associated with a unique identifier but not with a particular, identifiable member).

The drug data 124 may include drug name (e.g., technical name and/or common name), other names by which the drug is known, active ingredients, an image of the drug (such as in pill form), etc. The drug data 124 may include information associated with a single medication or multiple medications.

The prescription data 126 may include information regarding prescriptions that may be issued by prescribers on behalf of users, who may be members of the pharmacy benefit plan—for example, to be filled by a pharmacy. Examples of the prescription data 126 include user names, medication or treatment (such as lab tests), dosing information, etc. The prescriptions may include electronic prescriptions or paper prescriptions that have been scanned. In some implementations, the dosing information reflects a frequency of use (e.g., once a day, twice a day, before each meal, etc.) and a duration of use (e.g., a few days, a week, a few weeks, a month, etc.).

In some implementations, the order data 118 may be linked to associated member data 120, claims data 122, drug data 124, and/or prescription data 126.

The plan sponsor data 128 includes information regarding the plan sponsors of the PBM. Examples of the plan sponsor data 128 include company name, company address, contact name, contact telephone number, contact e-mail address, etc.

FIG. 2 illustrates the pharmacy fulfillment device 112 according to an example implementation. The pharmacy fulfillment device 112 may be used to process and fulfill prescriptions and prescription orders. After fulfillment, the fulfilled prescriptions are packed for shipping.

The pharmacy fulfillment device 112 may include devices in communication with the benefit manager device 102, the order processing device 114, and/or the storage device 110, directly or over the network 104. Specifically, the pharmacy fulfillment device 112 may include pallet sizing and pucking device(s) 206, loading device(s) 208, inspect device(s) 210, unit of use device(s) 212, automated dispensing device(s) 214, manual fulfillment device(s) 216, review devices 218, imaging device(s) 220, cap device(s) 222, accumulation devices 224, packing device(s) 226, literature device(s) 228, unit of use packing device(s) 230, and mail manifest device(s) 232. Further, the pharmacy fulfillment device 112 may include additional devices, which may communicate with each other directly or over the network 104.

In some implementations, operations performed by one of these devices 206-232 may be performed sequentially, or in parallel with the operations of another device as may be coordinated by the order processing device 114. In some implementations, the order processing device 114 tracks a prescription with the pharmacy based on operations performed by one or more of the devices 206-232.

In some implementations, the pharmacy fulfillment device 112 may transport prescription drug containers, for example, among the devices 206-232 in the high-volume fulfillment center, by use of pallets. The pallet sizing and pucking device 206 may configure pucks in a pallet. A pallet may be a transport structure for a number of prescription containers, and may include a number of cavities. A puck may be placed in one or more than one of the cavities in a pallet by the pallet sizing and pucking device 206. The puck may include a receptacle sized and shaped to receive a prescription container. Such containers may be supported by the pucks during carriage in the pallet. Different pucks may have differently sized and shaped receptacles to accommodate containers of differing sizes, as may be appropriate for different prescriptions.

The arrangement of pucks in a pallet may be determined by the order processing device 114 based on prescriptions that the order processing device 114 decides to launch. The arrangement logic may be implemented directly in the pallet sizing and pucking device 206. Once a prescription is set to be launched, a puck suitable for the appropriate size of container for that prescription may be positioned in a pallet by a robotic arm or pickers. The pallet sizing and pucking device 206 may launch a pallet once pucks have been configured in the pallet.

The loading device 208 may load prescription containers into the pucks on a pallet by a robotic arm, a pick and place mechanism (also referred to as pickers), etc. In various implementations, the loading device 208 has robotic arms or pickers to grasp a prescription container and move it to and from a pallet or a puck. The loading device 208 may also print a label that is appropriate for a container that is to be loaded onto the pallet, and apply the label to the container. The pallet may be located on a conveyor assembly during these operations (e.g., at the high-volume fulfillment center, etc.).

The inspect device 210 may verify that containers in a pallet are correctly labeled and in the correct spot on the pallet. The inspect device 210 may scan the label on one or more containers on the pallet. Labels of containers may be scanned or imaged in full or in part by the inspect device 210. Such imaging may occur after the container has been lifted out of its puck by a robotic arm, picker, etc., or may be otherwise scanned or imaged while retained in the puck. In some implementations, images and/or video captured by the inspect device 210 may be stored in the storage device 110 as order data 118.

The unit of use device 212 may temporarily store, monitor, label, and/or dispense unit of use products. In general, unit of use products are prescription drug products that may be delivered to a user or member without being repackaged at the pharmacy. These products may include pills in a container, pills in a blister pack, inhalers, etc. Prescription drug products dispensed by the unit of use device 212 may be packaged individually or collectively for shipping, or may be shipped in combination with other prescription drugs dispensed by other devices in the high-volume fulfillment center.

At least some of the operations of the devices 206-232 may be directed by the order processing device 114. For example, the manual fulfillment device 216, the review device 218, the automated dispensing device 214, and/or the packing device 226, etc. may receive instructions provided by the order processing device 114.

The automated dispensing device 214 may include one or more devices that dispense prescription drugs or pharmaceuticals into prescription containers in accordance with one or multiple prescription orders. In general, the automated dispensing device 214 may include mechanical and electronic components with, in some implementations, software and/or logic to facilitate pharmaceutical dispensing that would otherwise be performed in a manual fashion by a pharmacist and/or pharmacist technician. For example, the automated dispensing device 214 may include high-volume fillers that fill a number of prescription drug types at a rapid rate and blister pack machines that dispense and pack drugs into a blister pack. Prescription drugs dispensed by the automated dispensing devices 214 may be packaged individually or collectively for shipping, or may be shipped in combination with other prescription drugs dispensed by other devices in the high-volume fulfillment center.

The manual fulfillment device 216 controls how prescriptions are manually fulfilled. For example, the manual fulfillment device 216 may receive or obtain a container and enable fulfillment of the container by a pharmacist or pharmacy technician. In some implementations, the manual fulfillment device 216 provides the filled container to another device in the pharmacy fulfillment devices 112 to be joined with other containers in a prescription order for a user or member.

In general, manual fulfillment may include operations at least partially performed by a pharmacist or a pharmacy technician. For example, a person may retrieve a supply of the prescribed drug, may make an observation, may count out a prescribed quantity of drugs and place them into a prescription container, etc. Some portions of the manual fulfillment process may be automated by use of a machine. For example, counting of capsules, tablets, or pills may be at least partially automated (such as through use of a pill counter). Prescription drugs dispensed by the manual fulfillment device 216 may be packaged individually or collectively for shipping, or may be shipped in combination with other prescription drugs dispensed by other devices in the high-volume fulfillment center.

The review device 218 may process prescription containers to be reviewed by a pharmacist for proper pill count, exception handling, prescription verification, etc. Fulfilled prescriptions may be manually reviewed and/or verified by a pharmacist, as may be required by state or local law. A pharmacist or other licensed pharmacy person who may dispense certain drugs in compliance with local and/or other laws may operate the review device 218 and visually inspect a prescription container that has been filled with a prescription drug. The pharmacist may review, verify, and/or evaluate drug quantity, drug strength, and/or drug interaction concerns, or otherwise perform pharmacist services. The pharmacist may also handle containers which have been flagged as an exception, such as containers with unreadable labels, containers for which the associated prescription order has been canceled, containers with defects, etc. In an example, the manual review can be performed at a manual review station.

The imaging device 220 may image containers once they have been filled with pharmaceuticals. The imaging device 220 may measure a fill height of the pharmaceuticals in the container based on the obtained image to determine if the container is filled to the correct height given the type of pharmaceutical and the number of pills in the prescription. Images of the pills in the container may also be obtained to detect the size of the pills themselves and markings thereon. The images may be transmitted to the order processing device 114 and/or stored in the storage device 110 as part of the order data 118.

The cap device 222 may be used to cap or otherwise seal a prescription container. In some implementations, the cap device 222 may secure a prescription container with a type of cap in accordance with a user preference (e.g., a preference regarding child resistance, etc.), a plan sponsor preference, a prescriber preference, etc. The cap device 222 may also etch a message into the cap, although this process may be performed by a subsequent device in the high-volume fulfillment center.

The accumulation device 224 accumulates various containers of prescription drugs in a prescription order. The accumulation device 224 may accumulate prescription containers from various devices or areas of the pharmacy. For example, the accumulation device 224 may accumulate prescription containers from the unit of use device 212, the automated dispensing device 214, the manual fulfillment device 216, and the review device 218. The accumulation device 224 may be used to group the prescription containers prior to shipment to the member.

The literature device 228 prints, or otherwise generates, literature to include with each prescription drug order. The literature may be printed on multiple sheets of substrates, such as paper, coated paper, printable polymers, or combinations of the above substrates. The literature printed by the literature device 228 may include information required to accompany the prescription drugs included in a prescription order, other information related to prescription drugs in the order, financial information associated with the order (for example, an invoice or an account statement), etc.

In some implementations, the literature device 228 folds or otherwise prepares the literature for inclusion with a prescription drug order (e.g., in a shipping container). In other implementations, the literature device 228 prints the literature and is separate from another device that prepares the printed literature for inclusion with a prescription order.

The packing device 226 packages the prescription order in preparation for shipping the order. The packing device 226 may box, bag, or otherwise package the fulfilled prescription order for delivery. The packing device 226 may further place inserts (e.g., literature or other papers, etc.) into the packaging received from the literature device 228. For example, bulk prescription orders may be shipped in a box, while other prescription orders may be shipped in a bag, which may be a wrap seal bag.

The packing device 226 may label the box or bag with an address and a recipient's name. The label may be printed and affixed to the bag or box, be printed directly onto the bag or box, or otherwise associated with the bag or box. The packing device 226 may sort the box or bag for mailing in an efficient manner (e.g., sort by delivery address, etc.). The packing device 226 may include ice or temperature sensitive elements for prescriptions that are to be kept within a temperature range during shipping (for example, this may be necessary in order to retain efficacy). The ultimate package may then be shipped through postal mail, through a mail order delivery service that ships via ground and/or air (e.g., UPS, FEDEX, or DHL, etc.), through a delivery service, through a locker box at a shipping site (e.g., AMAZON locker or a PO Box, etc.), or otherwise.

The unit of use packing device 230 packages a unit of use prescription order in preparation for shipping the order. The unit of use packing device 230 may include manual scanning of containers to be bagged for shipping to verify each container in the order. In an example implementation, the manual scanning may be performed at a manual scanning station. The pharmacy fulfillment device 112 may also include a mail manifest device 232 to print mailing labels used by the packing device 226 and may print shipping manifests and packing lists.

While the pharmacy fulfillment device 112 in FIG. 2 is shown to include single devices 206-232, multiple devices may be used. When multiple devices are present, the multiple devices may be of the same device type or models, or may be a different device type or model. The types of devices 206-232 shown in FIG. 2 are example devices. In other configurations of the system 100, lesser, additional, or different types of devices may be included.

Moreover, multiple devices may share processing and/or memory resources. The devices 206-232 may be located in the same area or in different locations. For example, the devices 206-232 may be located in a building or set of adjoining buildings. The devices 206-232 may be interconnected (such as by conveyors), networked, and/or otherwise in contact with one another or integrated with one another (e.g., at the high-volume fulfillment center, etc.). In addition, the functionality of a device may be split among a number of discrete devices and/or combined with other devices.

FIG. 3 illustrates the order processing device 114 according to an example implementation. The order processing device 114 may be used by one or more operators to generate prescription orders, make routing decisions, make prescription order consolidation decisions, track literature with the system 100, and/or view order status and other order related information. For example, the prescription order may include order components.

The order processing device 114 may receive instructions to fulfill an order without operator intervention. An order component may include a prescription drug fulfilled by use of a container through the system 100. The order processing device 114 may include an order verification subsystem 302, an order control subsystem 304, and/or an order tracking subsystem 306. Other subsystems may also be included in the order processing device 114.

The order verification subsystem 302 may communicate with the benefit manager device 102 to verify the eligibility of the member and review the formulary to determine appropriate copayment, coinsurance, and deductible for the prescription drug and/or perform a DUR (drug utilization review). Other communications between the order verification subsystem 302 and the benefit manager device 102 may be performed for a variety of purposes.

The order control subsystem 304 controls various movements of the containers and/or pallets along with various filling functions during their progression through the system 100. In some implementations, the order control subsystem 304 may identify the prescribed drug in one or more than one prescription orders as capable of being fulfilled by the automated dispensing device 214. The order control subsystem 304 may determine which prescriptions are to be launched and may determine that a pallet of automated-fill containers is to be launched.

The order control subsystem 304 may determine that an automated-fill prescription of a specific pharmaceutical is to be launched and may examine a queue of orders awaiting fulfillment for other prescription orders, which will be filled with the same pharmaceutical. The order control subsystem 304 may then launch orders with similar automated-fill pharmaceutical needs together in a pallet to the automated dispensing device 214. As the devices 206-232 may be interconnected by a system of conveyors or other container movement systems, the order control subsystem 304 may control various conveyors: for example, to deliver the pallet from the loading device 208 to the manual fulfillment device 216 from the literature device 228, paperwork as needed to fill the prescription.

The order tracking subsystem 306 may track a prescription order during its progress toward fulfillment. The order tracking subsystem 306 may track, record, and/or update order history, order status, etc. The order tracking subsystem 306 may store data locally (for example, in a memory) or as a portion of the order data 118 stored in the storage device 110.

FIG. 4 is a functional block diagram of an example computing device 400 that may be used in the environments described herein. Specifically, computing device 400 illustrates an exemplary configuration of a computing device operated by a user 401 in accordance with one embodiment of the present invention. Computing device 400 may include, but is not limited to, a software management device, a dispatcher device, a testing device, a mainframe device, a code analysis device, a mainframe deployment device, and any other system described herein. Computing device 400 may also include pharmacy devices 106 including pharmacy fulfillment devices 112, order processing devices 114, and pharmacy management devices 116, storage devices 110, benefit manager devices 102, and user devices 108 (all shown in FIG. 1), mobile computing devices, stationary computing devices, computing peripheral devices, smart phones, wearable computing devices, medical computing devices, and vehicular computing devices. Alternatively, computing device 400 may be any computing device capable of performing the mainframe deployment methods described herein. In some variations, the characteristics of the described components may be more or less advanced, primitive, or non-functional.

In the exemplary embodiment, computing device 400 includes a processor 411 for executing instructions. In some embodiments, executable instructions are stored in a memory area 412. Processor 411 may include one or more processing units, for example, a multi-core configuration. Memory area 412 is any device allowing information such as executable instructions and/or written works to be stored and retrieved. Memory area 412 may include one or more computer readable media.

Computing device 400 also includes at least one input/output component 413 for receiving information from and providing information to user 401. In some examples, input/output component 413 may be of limited functionality or non-functional as in the case of some wearable computing devices. In other examples, input/output component 413 is any component capable of conveying information to or receiving information from user 401. In some embodiments, input/output component 413 includes an output adapter such as a video adapter and/or an audio adapter. Input/output component 413 may alternatively include an output device such as a display device, a liquid crystal display (LCD), organic light emitting diode (OLED) display, or “electronic ink” display, or an audio output device, a speaker or headphones. Input/output component 413 may also include any devices, modules, or structures for receiving input from user 401. Input/output component 413 may therefore include, for example, a keyboard, a pointing device, a mouse, a stylus, a touch sensitive panel, a touch pad, a touch screen, a gyroscope, an accelerometer, a position detector, or an audio input device. A single component such as a touch screen may function as both an output and input device of input/output component 413. Input/output component 413 may further include multiple sub-components for carrying out input and output functions.

Computing device 400 may also include a communications interface 414, which may be communicatively coupleable to a remote device such as a remote computing device, a remote server, or any other suitable system. Communication interface 414 may include, for example, a wired or wireless network adapter or a wireless data transceiver for use with a mobile phone network, Global System for Mobile communications (GSM), 3G, 4G, or other mobile data network or Worldwide Interoperability for Microwave Access (WIMAX). Communications interface 414 is configured to allow computing device 400 to interface with any other computing device or network using an appropriate wireless or wired communications protocol such as, without limitation, BLUETOOTH®, Ethernet, or IEEE 802.11. Communications interface 414 allows computing device 400 to communicate with any other computing devices with which it is in communication or connection.

FIG. 5 is a functional block diagram of a mainframe deployment system 500 including multiple computing devices 510, 520, 530, 540, 550, and 560 similar to the computing device 400 shown in FIG. 4. Software management device 510 is capable of providing software development management tools and capabilities to facilitate the processes described herein including, for example, maintaining and providing code sections that are evaluated and deployed according to the methods described herein. Software management device 510 includes a processor 511, a memory 512, an input/output 513, and a communications device 514. Dispatcher device 520 is configured to perform the dispatcher processes described herein, and to coordinate the assignation of tasks, work, and activities to systems, programmers, or other entities. Dispatcher device 520 includes a processor 521, a memory 522, an input/output 523, and a communications device 524. Testing service 530 is configured to perform at least the pre-deployment test processes and the post-deployment test processes described herein. Testing service includes a processor 531, a memory 532, an input/output 533, and a communications device 534. Mainframe device 540 is configured to provide the applications and services that are the subject of this application, and it is the aim of this invention to use the mainframe deployment system 500 to provide stable, reliable deployments to mainframe device 540. Mainframe device 540 includes a processor 541, a memory 542, an input/output 543, and a communications device 544. Mainframe deployment device 550 is configured to facilitate or execute many of the processes described herein, and to coordinate the principal method of providing stable software deployments to mainframe device 540. Mainframe deployment device 550 includes a processor 551, a memory 552, an input/output 553, and a communications device 554. Other devices 560 may be designed in a manner similar to computing device 400 and similarly include processors, memories, input/outputs, and communication devices. Computing devices 510, 520, 530, 540, 550, and 560 are in networked communication via network 502.

FIG. 6 is a flow diagram representing a method 600 for providing stable software deployments to a mainframe environment performed by the mainframe deployment device 550 of the mainframe deployment system 500 shown in FIG. 5. The mainframe deployment device 550 is configured to receive 610 a code section from the software management device, wherein the code section includes a status identifier. Upon determining that the status identifier is complete, the mainframe deployment device 550 is configured to identify 620 a set of valid sub-components from the code section using a dispatcher service associated with the dispatcher device. Upon determining that the identified set of valid sub-components are capable of creating a build, the mainframe deployment device 550 is configured to identify 630 a set of elements in the code section identified for deployment. As used herein, the identified set of valid sub-components is “capable of creating a build” when those sub-components are sufficient to allow for the creation of a build to be deployed on the mainframe device in a stable manner. Where a set of sub-components cannot successfully be used to create such a build, that identified set of sub-components is not “capable of creating a build.” Sets of sub-components that are capable of creating a build may vary substantially from one another, and there may be examples in which one set of sub-components that is capable of creating a build may include some elements that are not necessary to qualify as “capable of creating a build”, and other examples in which all of the set of sub-components are necessary for that set to qualify as “capable of creating a build.”

Upon determining that the set of elements in the code section are deployable, the mainframe deployment device 550 is configured to request 640 the at least one testing service to perform at least one set of code diagnostics to determine whether the code section satisfies build requirements. Upon determining that the at least one set of code diagnostics satisfies a diagnostic goal for mainframe stability, the mainframe deployment device 550 is configured to attempt 650 to create a deployment package from the code section. Upon successfully creating the deployment package, the mainframe deployment device 550 is configured to identify 660 a production program running on the mainframe device. The mainframe deployment device 550 is also configured to compare 670 the production program to the deployment package to identify a set of synchronization errors. The mainframe deployment device 550 is further configured to resolve 680 the set of synchronization errors. The mainframe deployment device 550 is also configured to deploy 690 the deployment package to the mainframe device upon resolving the set of synchronization errors.

FIG. 7 is a diagram of elements of one or more example computing devices that may be used in the system shown in FIGS. 1-5. As described herein, the elements 702, 704, 706, 708, 710, 712, and 714 are configured to perform the processes and methods described herein. Code processing subsystem 702 is configured to process the code and code sections, and to facilitate processing, receipt, and transmission of such source code. Code analysis subsystem 704 is configured to provide and enable code quality analysis processes and code coverage processes described herein. Testing subsystem 706 is configured to provide and enable the pre-deployment and post-deployment test processes described herein. Diagnostic subsystem 708 is configured to provide and enable the diagnostic processes described herein. Mainframe analysis subsystem 710 is configured to monitor the state of mainframe device 540, and to manage mainframe deployment information to facilitate the methods described. Synchronization management subsystem 712 is configured to manage the error synchronization process prior to code deployment. Deployment subsystem 714 is configured to enable and support all aspects of code deployment to mainframe device 540 including, for example, authorization processes, build package creation processes, package casting processes, and package execution processes.

FIG. 8 is a flow diagram representing a dispatcher process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is configured to receive 610 a code section that includes a status identifier from the software management device. The mainframe deployment device 550 determines whether the status identifier reflects that the code section is identified as complete, and if so, identifies 620 a set of valid sub-components from the code section using dispatcher service 520. Dispatcher service 520 initiates the dispatcher process and, in so doing, receives a web hook 802, parses the web hook 804, and loads 806 a configuration based on the parsed web hook. The dispatcher service 520 continues the dispatcher process by confirming 808 whether a configuration loaded. If the configuration does not load, the build fails 852. If the configuration loads, the dispatcher service 520 determines 810 whether the code section has valid sub-components. If the dispatcher service 520 determines that the code section does not have valid sub-components, the dispatcher service 520 updates 822 the software management device to reflect the fact that the code section does not have valid sub-components, and the build is marked 824 as unstable. If the dispatcher service 520 determines that the code section has valid sub-components, the dispatcher service 520 generates 832 job parameters, and attempts to execute 842 the job. If the dispatcher service 520 can locate 844 the job and execute it, the build succeeds 846 through this stage. If the dispatcher service 520 cannot locate the job and execute it, the build fails 852.

FIG. 9 is a flow diagram representing a pre-deployment validation process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is also configured to identify 630 a set of elements in the code section identified for deployment, upon determining that the identified set of valid sub-components are capable of creating a build. In so doing, the mainframe deployment device performs a pre-deployment validation process. The mainframe deployment device 550 loads 902 a build configuration, updates 904 the software management device to reflect the build configuration loading, and verifies 906 that at least one requested element exists in the source region. More specifically, the mainframe deployment device 550 determines 908 whether one of the elements indicated in the build configuration exists in the source region. If no elements exist, the mainframe deployment device 550 determines 908 that deployment is not possible and the build fails 930. If the mainframe deployment device 550 determines 908 that the deployment is possible, the mainframe deployment device 550 determines 910 whether all elements can be deployed. If all elements can be deployed, the mainframe deployment device 550 proceeds 912. If some of the elements cannot be deployed, the mainframe deployment device 550 issues 920 a warning (such as a missing elements warning), updates the software management device to reflect the warning, and proceeds 922.

FIG. 10 is a flow diagram representing a code analysis process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is also configured to perform a code dependency analysis. The mainframe deployment device 550 receives 1002 proposed source code and analyzes 1004 the code for dependencies. In some examples, the mainframe deployment device 550 determines 1006 whether it requires parsing information. In some examples, parsing information may include data such as “copybooks” that are used to parse COBOL programs. The mainframe deployment device 550 gets 1008 such parsing information, if required, and applies it. The mainframe deployment device 550 runs 1012 a code quality scan to detect code quality issues including code smells, security vulnerabilities, and code bugs. In some examples, the mainframe deployment device 550 uses an external code review system running code inspection programs to perform the code quality scan. The mainframe deployment device 550 processes 1014 code quality results from the code quality scan and, if needed, updates the external code review system with the code quality results. The mainframe deployment device 550 also provides 1016 the code quality results to an approver. In some examples, the approver is a programmatic function that determines whether the code quality results satisfy programmatic criteria. In other examples, the approver is a human reviewer. The mainframe deployment device 550 receives a response from the approver regarding whether the code quality results meet 1018 a minimum code quality threshold. If the threshold is met, the build succeeds 1022 and the project continues. If the threshold is not met, the build fails 1024.

FIG. 11 is a flow diagram representing a pre-deployment test process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is also configured to request 640 that the at least one testing service 530 perform at least one set of code diagnostics to determine whether the code section satisfies build requirements. In some examples, the mainframe deployment device 550 requests that the at least one testing service 530 perform a pre-deployment test process. The testing service 530 obtains 1102 a list of proposed tests to be run on the proposed code. The testing service also obtains 1104 testing configurations associated with the obtained list of proposed tests. The testing service calls 1106 a test manager and requests that the test manager perform each of the tests in the list of proposed tests, pursuant to the test configurations. The testing service waits 1108 for the test manager response and records 1110 the results for each test. Results for each test may be indicated based on the amount of successful behaviors or unsuccessful behaviors for each test. The testing service determines 1112 aggregate testing results and determines 1114 whether the aggregate testing goals are met. If all tests completed without errors, bugs, or exceptions, the pre-deployment test process concludes and the mainframe deployment process proceeds 1122. If some tests were completed with errors, bugs, or exceptions, but the aggregate testing goals are met, the testing service reports the errors and the mainframe deployment process proceeds 1126. If the aggregate testing goals are not met, the build fails 1124.

FIG. 12 is a flow diagram representing a code coverage analysis process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is configured to perform the code coverage analysis process after the testing process of FIG. 11. The mainframe deployment device 550 determines 1202 whether code coverage data is available. Code coverage data may be obtained during the pre-deployment test process described in FIG. 11 by determining the degree to which the source code was executed when the tests of the pre-deployment test process were run. If code coverage data is not available, the mainframe deployment device 550 generates a warning and proceeds 1212. If code coverage data is available, the mainframe deployment device 550 obtains 1204 the code coverage data and determines 1206 whether a minimum code coverage goal is met by comparing the code coverage data to a minimum threshold for code coverage. If the minimum code coverage goal is met, the mainframe deployment device 550 proceeds 1208. If the minimum code coverage goal is not met, the mainframe deployment device 550 generates a warning, and proceeds 1214.

FIG. 13 is a flow diagram representing an approval process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is configured to perform the approval process. The mainframe deployment device 550 generates a build approval message 1302 to be provided to an approver. The mainframe deployment device 550 determines 1304 whether at least one communication service is configured. In some instances, the communication service may be, for example, an instant messaging service for use in project management. In other instances, the communication service may be any other suitable electronic messaging service including, for example, e-mail. If the communication service is configured, the mainframe deployment device 550 generates 1306 a request to be sent to the approver through the communications service (including, for example, e-mail or instant messaging). The mainframe deployment device 550 waits 1310 for a response from the approver. The mainframe deployment device 550 determines 1320 whether the response is an approval. If the response is an approval, the build succeeds 1322 through this phase and the mainframe deployment device 550 proceeds. If the response is not an approval or if the response comes after a time-out, the build fails 1324. As such, a build can only proceed if an approver approves of the build within the pre-determined time-out window.

FIG. 14 is a flow diagram representing a build package creation process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is configured to perform the build package creation process. The mainframe deployment device 550 generates 1402 a package instruction statement. As used herein, a package instruction statement is control information for a code release that may be used to generate a package. The mainframe deployment device 550 may pre-process the package instruction statement prior to attempting to create a package based on it. For example, if the package instruction statement is associated with a particular requirement (e.g., COBOL 6 may require a processor group), the package instruction statement is adjusted to address such a requirement. The mainframe deployment device 550 attempts to create 1404 a package based on the package instruction statement. The mainframe deployment device 550 determines 1406 whether the package was created successfully. If the mainframe deployment device 550 successfully creates the package, the build succeeds through this stage and the mainframe deployment device proceeds 1408. If the mainframe deployment device fails to create the package, the build fails and the mainframe deployment device sends a failure alert 1410.

FIG. 15 is a flow diagram representing a package casting process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is configured to perform the package casting process. The mainframe deployment device 550 sends a cast request 1502 and determines 1504 whether the casting succeeded. If the casting succeeded, the mainframe deployment device 550 proceeds 1540 and the build continues through this stage. If the casting fails, the mainframe deployment device 550 determines 1506 whether the casting resulted in synchronization errors. If the casting failed and there were not synchronization errors, the mainframe deployment device 550 determines that there was a failure, sends a failure alert 1530, and the build fails 1534. If the casting failed and there were synchronization errors, the mainframe deployment device 550 sends an error alert message 1508 to an approver and waits 1510 for input approving the build over the synchronization failures. The mainframe deployment device 550 determines 1512 whether the synchronization failures were approved within a time-out window. If the mainframe deployment device 550 fails to receive a response to the input within the time-out window or if the input received is a rejection of approval, the mainframe deployment device 550 determines that there was a failure, sends a failure alert 1530, and the build fails 1534. If the mainframe deployment device 550 receives an approval response to the input within the time-out window, the package instruction statement is updated 1514 to reflect the approval and the mainframe deployment device 550 sends 1516 a cast request. If the casting succeeded, the mainframe deployment device 550 determines 1520 that the casting succeeded, proceeds 1540 and the build continues through this stage. If the casting fails, the mainframe deployment device 550 determines 1520 that there was a failure, sends a failure alert 1530, and the build fails 1534.
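The casting flow of FIG. 15, together with the time-out rule stated for the approval process of FIG. 13, can be written as a small fail-closed state machine. The following is an added illustration, not code from the patent or from any product; the names CastResult, ApproverResponse, decide_approval and cast_package, and the injected cast and get_response callables, are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple


class CastResult(Enum):
    OK = "ok"
    SYNC_ERRORS = "sync_errors"  # cast failed because of synchronization errors
    FAILED = "failed"            # cast failed for any other reason


class Outcome(Enum):
    PROCEED = "proceed"            # step 1540
    BUILD_FAILED = "build_failed"  # step 1534


@dataclass(frozen=True)
class ApproverResponse:
    approved: bool
    elapsed_s: float  # seconds between the error alert and the response


def decide_approval(resp: Optional[ApproverResponse], timeout_s: float) -> bool:
    """Fail closed: only an explicit approval inside the window counts."""
    if resp is None:                 # no response at all
        return False
    if resp.elapsed_s > timeout_s:   # late approval is treated as no approval
        return False
    return resp.approved is True     # rejects truthy non-boolean values too


def cast_package(
    cast: Callable[[bool], CastResult],
    get_response: Callable[[float], Optional[ApproverResponse]],
    timeout_s: float = 900.0,
) -> Tuple[Outcome, List[str]]:
    """Run the FIG. 15 flow and return the outcome plus an audit trail.

    cast(approved_override) performs one cast request; the flag is True
    only after the package instruction statement records an approval.
    """
    trail: List[str] = []

    def fail(reason: str) -> Tuple[Outcome, List[str]]:
        trail.append(f"1530 failure alert: {reason}")
        trail.append("1534 build fails")
        return Outcome.BUILD_FAILED, trail

    first = cast(False)
    trail.append(f"1502 cast request -> {first.value}")
    if first is CastResult.OK:
        trail.append("1540 proceed")
        return Outcome.PROCEED, trail
    if first is not CastResult.SYNC_ERRORS:
        return fail("cast failed without synchronization errors")

    trail.append("1508 error alert sent to approver")
    resp = get_response(timeout_s)
    if not decide_approval(resp, timeout_s):
        return fail("synchronization errors not approved within time-out window")

    trail.append("1514 package instruction statement updated with approval")
    second = cast(True)
    trail.append(f"1516 cast request -> {second.value}")
    if second is CastResult.OK:
        trail.append("1540 proceed")
        return Outcome.PROCEED, trail
    return fail("re-cast failed after approval")


if __name__ == "__main__":
    # Constructed scenario: first cast hits sync errors, approver answers
    # after 120 s of a 900 s window, second cast succeeds.
    results = iter([CastResult.SYNC_ERRORS, CastResult.OK])
    outcome, audit = cast_package(
        lambda override: next(results),
        lambda t: ApproverResponse(approved=True, elapsed_s=120.0),
    )
    print(outcome.value)
    print("\n".join(audit))
```

Every branch that is not an explicit, timely approval ends at the failure alert, so a lost message or an unreachable approver cannot push a package with unresolved synchronization errors forward.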

FIG. 16 is a flow diagram representing a package execution process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is configured to perform the package execution process. The mainframe deployment device 550 determines 1602 whether approval is required prior to deployment. If the mainframe deployment device 550 determines that approval is required, the mainframe deployment device 550 sends 1604 a request for approval and determines 1606 whether approval was received. If approval is not successfully received, the mainframe deployment device 550 determines 1608 that authentication failed and re-requests 1610 credentials for approval. If the mainframe deployment device 550 determines 1606 that approval was received, or determines 1602 that approval was not required, the mainframe deployment device 550 determines 1620 whether sweep approval is required. If sweep approval is required, the mainframe deployment device 550 sends a request 1630 for sweep approval and determines whether sweep approval was received. After sweep approval is received (or if it is not required), the mainframe deployment device 550 executes 1640 the package and determines 1650 whether it was successful. If the package execution is not determined to be successful, the build fails 1652. If the package execution was successful, the mainframe deployment device 550 determines 1660 whether the package execution resulted in exceptions. If the mainframe deployment device 550 determines 1660 the package execution did not create exceptions, the mainframe deployment device proceeds 1662. If the mainframe deployment device 550 determines 1662 the package execution created exceptions, the mainframe deployment device 550 generates a warning and proceeds 1664.

FIG. 17 is a flow diagram representing a post-deployment test process performed by the mainframe deployment system 500 of FIG. 5. The mainframe deployment device 550 is also configured to request that the testing service 530 perform a post-deployment test process. The testing service 530 obtains 1702 a list of proposed tests to be run on the deployed code. The testing service 530 also obtains 1704 testing configurations associated with the obtained list of proposed tests. The testing service 530 calls 1706 a test manager and requests that the test manager perform each of the tests in the list of proposed tests, pursuant to the test configurations. The testing service waits 1708 for the test manager response and records 1710 the results for each test. Results for each test may be indicated based on the amount of successful behaviors or unsuccessful behaviors for each test. The testing service 530 determines 1712 aggregate testing results and determines 1714 whether the aggregate testing goals are met. If all tests completed without errors, bugs, or exceptions, the post-deployment test process concludes 1722. If some tests were completed with errors, bugs, or exceptions, but the aggregate testing goals are met, the testing service reports the errors and the process concludes 1726. If the aggregate testing goals are not met, the testing service 530 generates an alert.

FIG. 18 is a flow diagram 1800 representing a method for maintaining and securing mainframe codebases performed by the mainframe deployment device 550 of the mainframe deployment system 500 (shown in FIG. 5). The processor of the mainframe deployment device 550 is configured to import 1810 the mainframe codebase from the mainframe device, wherein the mainframe codebase includes at least one code region including at least one code element. The processor of the mainframe deployment device 550 is also configured to identify 1820 the at least one code region of the mainframe codebase and to initialize 1830 a branch repository corresponding to at least one identified code region. The processor of the mainframe deployment device 550 is also configured to query 1840 the imported mainframe codebase to identify, for the code elements, a user identifier indicating an owner of the respective code element and a source region representing the code region of the respective code element. The processor of the mainframe deployment device 550 is also configured to populate 1850 the branch repositories with the code elements based on the respective source region. The processor of the mainframe deployment device 550 is also configured to apply 1860 a code quality scan to the populated branch repositories to identify a code quality issue in the respective code elements. The processor of the mainframe deployment device 550 is also configured to submit 1870 at least one code element having an identified code quality issue to a user device associated with the respective user identifier to correct the code quality issues.

FIG. 19 is a diagram of elements of one or more example computing devices that may be used in the system shown in FIGS. 1-5. As described herein, the elements 1902, 1904, 1906, 1908, 1910, 1912, and 1914 are configured to perform the processes and methods described herein. Branch repository management subsystem 1902 is configured to initialize, populate, update, and manage the branch repositories. List management subsystem 1904 is configured to provide the functions of generating, updating, and utilizing the list of code elements described herein. Map management subsystem 1906 is configured to generate maps used to assign code elements to users for review. Code quality scan subsystem 1908 is configured to perform scans to identify code quality issues, determine code quality types, determine code quality issue severity, and determine code quality scores and metrics. Code security system 1910 is configured to perform scans to identify sensitive information that may pose a security issue, to determine code security types, determine code security issue severity, and determine code security scores and metrics. Delegation subsystem 1912 is configured to manage user assignment of code elements to review and correct. Update subsystem 1914 is configured to update code branches and mainframe codebases based on updated code elements received from users.

FIG. 20 is a flow diagram 2000 of a process performed by the mainframe deployment device to provide maintenance, testing, and QA to a mainframe codebase. Generally, diagram 2000 illustrates the process of importing mainframe codebases, populating branch repositories, and generating lists and maps. Mainframe deployment device 550 is configured to scan a mainframe codebase on the mainframe device and identify 2002 code regions. Mainframe deployment device 550 determines 2004 whether a corresponding branch repository exists for each code region identified. If yes, mainframe deployment device 550 obtains 2006 populated branches and most recent updates. If no, mainframe deployment device 550 creates 2008 empty branches for the repository. Mainframe deployment device 550 obtains 2010 elements from a mainframe codebase and initializes 2012 a download list including code elements, code users, and code timestamps. Mainframe deployment device 550 iteratively populates and updates 2014 each list of element details with code element records sorted by timestamp and user. In some examples, mainframe deployment device 550 also populates and updates each corresponding branch repository. Mainframe deployment device 550 creates 2016 code element maps based on the list of code element details and downloads 2018 elements based on element maps. Mainframe deployment device 550 may also delegate or assign code elements that are downloaded based on the user maps and manage such delegation. In some examples, mainframe deployment device 550 also receives corrected code elements and updates the mainframe codebase.
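A minimal sketch of steps 2004 to 2016, covering the list of element details, per-region branch population, and the user map used for delegation. This is an added example, not the patent's implementation; it assumes that when the same element appears more than once in a region, the record with the newest timestamp decides both the branch content and the assigned user, and all names and sample values are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class ElementRecord:
    element_id: str
    region: str          # source region the element was imported from
    user: str            # user identifier recorded for the element
    timestamp: datetime


def build_element_list(records):
    """List of element details, sorted by timestamp and then user (step 2014)."""
    return sorted(records, key=lambda r: (r.timestamp, r.user, r.element_id))


def populate_branches(element_list, existing=None):
    """Reuse existing branches, create empty ones for new regions, and keep
    only the newest record per element so a stale import cannot overwrite a
    more recent copy already held in the branch."""
    branches = {region: dict(held) for region, held in (existing or {}).items()}
    for rec in element_list:
        branch = branches.setdefault(rec.region, {})   # step 2008: empty branch
        held = branch.get(rec.element_id)
        if held is None or rec.timestamp > held.timestamp:
            branch[rec.element_id] = rec
    return branches


def build_user_map(branches):
    """Map each user to the (region, element) pairs they are assigned to review."""
    user_map = defaultdict(list)
    for region, held in branches.items():
        for rec in held.values():
            user_map[rec.user].append((region, rec.element_id))
    return {user: sorted(items) for user, items in user_map.items()}


def ts(text):
    return datetime.fromisoformat(text)


# Constructed sample import: regions, element names and user IDs are made up.
IMPORTED = [
    ElementRecord("PAYCALC", "PROD", "u1002", ts("2023-03-01T09:00:00")),
    ElementRecord("PAYCALC", "PROD", "u1001", ts("2023-01-15T14:30:00")),
    ElementRecord("PAYCALC", "QA", "u1002", ts("2023-03-02T10:00:00")),
    ElementRecord("CUSTUPD", "DEV", "u1003", ts("2023-02-10T08:00:00")),
]
# A branch that already exists and holds a newer copy than the import carries.
EXISTING = {
    "DEV": {"CUSTUPD": ElementRecord("CUSTUPD", "DEV", "u1004", ts("2023-04-01T12:00:00"))},
}

if __name__ == "__main__":
    branches = populate_branches(build_element_list(IMPORTED), EXISTING)
    for user, items in sorted(build_user_map(branches).items()):
        print(user, items)
```

Because assignment follows the newest record, users whose copies were superseded (u1001 and u1003 in the sample) receive no review work for those elements.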

FIG. 21 is a flow diagram of a process 2100 performed by the mainframe deployment device 550 to secure a mainframe codebase. In the illustrated example, mainframe deployment device 550 (shown here as mainframe deployment device 2102) accesses multiple interfaces including a mainframe service application programmer interface (“API”) 2112, other APIs 2114, and repository APIs 2116. In some examples, repository APIs 2116 may provide services including code security scans, code quality scans, and related services. In other examples, such services are available natively on mainframe deployment device 550 or through other devices. Mainframe deployment device 550 calls code security scan 2122 which provides the services described above. Scan 2122 also publishes scan results to scan database 2132 which may be used to drive scan detections trend reporting 2142 (to identify, for example, increases or changes in rates of sensitive information in mainframe codebases) or reporting 2144 (to show, for example, aggregate statistics and data regarding sensitive information). Scan database 2132 may also be in communication with an application for a scan dashboard 2152 used to update a user about code security scans.
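The scan, publish, and trend-report path can be illustrated with a small sensitive-information scanner that writes to an in-memory SQLite table standing in for scan database 2132. This is an added example, not the patent's scanner: the detection rules, the region-to-severity mapping, the table layout and the sample JCL and COBOL are all assumptions constructed for illustration.

```python
import re
import sqlite3

# Illustrative rules for "sensitive information"; the patent does not list its rules.
RULES = {
    "jcl-job-password": re.compile(r"^//\S+\s+JOB\b.*\bPASSWORD=\S+", re.I),
    "cobol-literal-to-secret-field": re.compile(
        r"\bMOVE\s+['\"][^'\"]+['\"]\s+TO\s+\S*(?:PASSWORD|PASSWD|PWD|SECRET)\S*", re.I),
    "ssn-like-literal": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
# Assumed mapping from code region to security severity (region names are made up).
REGION_SEVERITY = {"PROD": "high", "QA": "medium", "DEV": "low"}


def scan_element(element_id, region, source):
    """Return findings as (element_id, region, line, rule, severity).

    The matched text is deliberately not returned, so the scan database
    never becomes a second copy of the secrets it reports on.
    """
    severity = REGION_SEVERITY.get(region, "medium")
    return [(element_id, region, lineno, rule, severity)
            for lineno, line in enumerate(source.splitlines(), start=1)
            for rule, rx in RULES.items() if rx.search(line)]


def open_scan_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scan (scan_id INTEGER PRIMARY KEY, elements INTEGER)")
    db.execute("CREATE TABLE finding (scan_id INTEGER, element_id TEXT, region TEXT,"
               " line INTEGER, rule TEXT, severity TEXT)")
    return db


def publish_scan(db, scan_id, elements):
    """Scan (element_id, region, source) tuples and publish the results."""
    elements = list(elements)
    db.execute("INSERT INTO scan VALUES (?, ?)", (scan_id, len(elements)))
    rows = [(scan_id, *f) for e in elements for f in scan_element(*e)]
    db.executemany("INSERT INTO finding VALUES (?, ?, ?, ?, ?, ?)", rows)
    db.commit()
    return len(rows)


def trend(db):
    """Per scan: (scan_id, findings per scanned element, change vs. previous scan)."""
    cur = db.execute(
        "SELECT s.scan_id, s.elements, COUNT(f.rule) FROM scan s "
        "LEFT JOIN finding f ON f.scan_id = s.scan_id "
        "GROUP BY s.scan_id, s.elements ORDER BY s.scan_id")
    out, prev = [], None
    for scan_id, n, hits in cur:
        rate = hits / n if n else 0.0
        out.append((scan_id, rate, None if prev is None else rate - prev))
        prev = rate
    return out


# Constructed code elements; credentials and identifiers are placeholders.
SCAN_1 = [
    ("PAYJOB01", "PROD",
     "//PAYJOB01 JOB (ACCT),'PAYROLL',USER=BATCH01,PASSWORD=EXAMPLE1\n//STEP1 EXEC PGM=PAYCALC"),
    ("CUSTUPD", "DEV",
     "       MOVE 'example-pw' TO WS-DB-PASSWORD.\n       MOVE '000-00-0000' TO WS-TEST-SSN."),
    ("RPTGEN", "QA", "       DISPLAY 'REPORT COMPLETE'."),
]
SCAN_2 = [  # same elements after the first round of corrections
    ("PAYJOB01", "PROD", "//PAYJOB01 JOB (ACCT),'PAYROLL',USER=BATCH01\n//STEP1 EXEC PGM=PAYCALC"),
    ("CUSTUPD", "DEV",
     "       MOVE WS-VAULT-PWD TO WS-DB-PASSWORD.\n       MOVE '000-00-0000' TO WS-TEST-SSN."),
    ("RPTGEN", "QA", "       DISPLAY 'REPORT COMPLETE'."),
]

if __name__ == "__main__":
    db = open_scan_db()
    publish_scan(db, 1, SCAN_1)
    publish_scan(db, 2, SCAN_2)
    for row in trend(db):
        print(row)
```

Normalising by the number of elements scanned keeps the trend comparable when the codebase grows between scans; a rising rate, not a rising count, is the signal worth alerting on.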

The foregoing description is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses. The broad teachings of the disclosure can be implemented in a variety of forms. Therefore, while this disclosure includes particular examples, the true scope of the disclosure should not be so limited since other modifications will become apparent upon a study of the drawings, the specification, and the following claims. It should be understood that one or more steps within a method may be executed in different order (or concurrently) without altering the principles of the present disclosure. Further, although each of the embodiments is described above as having certain features, any one or more of those features described with respect to any embodiment of the disclosure can be implemented in and/or combined with features of any of the other embodiments, even if that combination is not explicitly described. In other words, the described embodiments are not mutually exclusive, and permutations of one or more embodiments with one another remain within the scope of this disclosure.

Spatial and functional relationships between elements (for example, between modules) are described using various terms, including “connected,” “engaged,” “interfaced,” and “coupled.” Unless explicitly described as being “direct,” when a relationship between first and second elements is described in the above disclosure, that relationship encompasses a direct relationship where no other intervening elements are present between the first and second elements, and also an indirect relationship where one or more intervening elements are present (either spatially or functionally) between the first and second elements. As used herein, the phrase at least one of A, B, and C should be construed to mean a logical (A OR B OR C), using a non-exclusive logical OR, and should not be construed to mean “at least one of A, at least one of B, and at least one of C.”

In the figures, the direction of an arrow, as indicated by the arrowhead, generally demonstrates the flow of information (such as data or instructions) that is of interest to the illustration. For example, when element A and element B exchange a variety of information but information transmitted from element A to element B is relevant to the illustration, the arrow may point from element A to element B. This unidirectional arrow does not imply that no other information is transmitted from element B to element A. Further, for information sent from element A to element B, element B may send requests for, or receipt acknowledgements of, the information to element A. The term subset does not necessarily require a proper subset. In other words, a first subset of a first set may be coextensive with (equal to) the first set.

In this application, including the definitions below, the term “module” or the term “controller” may be replaced with the term “circuit.” The term “module” may refer to, be part of, or include processor hardware (shared, dedicated, or group) that executes code and memory hardware (shared, dedicated, or group) that stores code executed by the processor hardware.

The module may include one or more interface circuits. In some examples, the interface circuit(s) may implement wired or wireless interfaces that connect to a local area network (LAN) or a wireless personal area network (WPAN). Examples of a LAN are Institute of Electrical and Electronics Engineers (IEEE) Standard 802.11-2016 (also known as the WIFI wireless networking standard) and IEEE Standard 802.3-2015 (also known as the ETHERNET wired networking standard). Examples of a WPAN are the BLUETOOTH wireless networking standard from the Bluetooth Special Interest Group and IEEE Standard 802.15.4.

The module may communicate with other modules using the interface circuit(s). Although the module may be depicted in the present disclosure as logically communicating directly with other modules, in various implementations the module may actually communicate via a communications system. The communications system includes physical and/or virtual networking equipment such as hubs, switches, routers, and gateways. In some implementations, the communications system connects to or traverses a wide area network (WAN) such as the Internet. For example, the communications system may include multiple LANs connected to each other over the Internet or point-to-point leased lines using technologies including Multiprotocol Label Switching (MPLS) and virtual private networks (VPNs).

In various implementations, the functionality of the module may be distributed among multiple modules that are connected via the communications system. For example, multiple modules may implement the same functionality distributed by a load balancing system. In a further example, the functionality of the module may be split between a server (also known as remote, or cloud) module and a client (or, user) module.

The term code, as used above, may include software, firmware, and/or microcode, and may refer to programs, routines, functions, classes, data structures, and/or objects. Shared processor hardware encompasses a single microprocessor that executes some or all code from multiple modules. Group processor hardware encompasses a microprocessor that, in combination with additional microprocessors, executes some or all code from one or more modules. References to multiple microprocessors encompass multiple microprocessors on discrete dies, multiple microprocessors on a single die, multiple cores of a single microprocessor, multiple threads of a single microprocessor, or a combination of the above.

Shared memory hardware encompasses a single memory device that stores some or all code from multiple modules. Group memory hardware encompasses a memory device that, in combination with other memory devices, stores some or all code from one or more modules.

The term memory hardware is a subset of the term computer-readable medium. The term computer-readable medium, as used herein, does not encompass transitory electrical or electromagnetic signals propagating through a medium (such as on a carrier wave). The term computer-readable medium is therefore considered tangible and non-transitory. Non-limiting examples of a non-transitory computer-readable medium are nonvolatile memory devices (such as a flash memory device, an erasable programmable read-only memory device, or a mask read-only memory device), volatile memory devices (such as a static random access memory device or a dynamic random access memory device), magnetic storage media (such as an analog or digital magnetic tape or a hard disk drive), and optical storage media (such as a CD, a DVD, or a Blu-ray Disc).

The apparatuses and methods described in this application may be partially or fully implemented by a special purpose computer created by configuring a general purpose computer to execute one or more particular functions embodied in computer programs. The functional blocks and flowchart elements described above serve as software specifications, which can be translated into the computer programs by the routine work of a skilled technician or programmer.

The computer programs include processor-executable instructions that are stored on at least one non-transitory computer-readable medium. The computer programs may also include or rely on stored data. The computer programs may encompass a basic input/output system (BIOS) that interacts with hardware of the special purpose computer, device drivers that interact with particular devices of the special purpose computer, one or more operating systems, user applications, background services, background applications, etc.

The computer programs may include: (i) descriptive text to be parsed, such as HTML (hypertext markup language), XML (extensible markup language), or JSON (JavaScript Object Notation), (ii) assembly code, (iii) object code generated from source code by a compiler, (iv) source code for execution by an interpreter, (v) source code for compilation and execution by a just-in-time compiler, etc. As examples only, source code may be written using syntax from languages including C, C++, C#, Objective-C, Swift, Haskell, Go, SQL, R, Lisp, Java®, Fortran, Perl, Pascal, Curl, OCaml, Javascript®, HTML5 (Hypertext Markup Language 5th revision), Ada, ASP (Active Server Pages), PHP (PHP: Hypertext Preprocessor), Scala, Eiffel, Smalltalk, Erlang, Ruby, Flash®, Visual Basic®, Lua, MATLAB, SIMULINK, and Python®.

What is claimed is:
 1. A quality assurance system for maintenance and security of mainframe codebases, comprising: a mainframe device including a mainframe processor and a mainframe memory, said mainframe memory including a mainframe codebase; and a mainframe deployment device including a processor and a memory device, wherein the mainframe deployment device is in communication with the mainframe device, wherein the processor is configured to: import the mainframe codebase from the mainframe device, wherein the mainframe codebase includes a plurality of code regions, each including a plurality of code elements; identify at least one code region of the plurality of code regions; initialize a branch repository corresponding to the identified at least one code region; query the imported mainframe codebase to identify, for at least one code element of the plurality of code elements, a user identifier indicating an owner of the at least one code element, a source region representing the at least one code region, and a timestamp indicating a creation time of the at least one code element; populate the branch repository with the at least one code element based on the source region and the timestamp; apply a code quality scan to the populated branch repository to identify a code quality issue in the at least one code element, a classification of the identified code quality issue, and a severity of the identified code quality issue, the classification including at least one of a code smell, a code bug, a code vulnerability, and a code hot spot; apply a code security scan to the populated branch repository to identify a security issue in the at least one code element and resolve the identified security issue in the at least one code element; assign the at least one code element having the identified code quality issue to the user identifier based at least partially on the timestamp; and route the at least one code element having the identified code quality issue and an indication of the classification and the severity of the code quality issue to a user device associated with the user identifier to correct the code quality issue in the at least code element.
 2. The system of claim 1, wherein the processor is further configured to: generate, for the branch repository, a list of element details including a code element identifier distinctly identifying the at least one code element, the user identifier for the at least one code element, and the source region for the at least one code element.
 3. The system of claim 2, wherein the processor is further configured to: generate, for the branch repository, the list of element details including the timestamp of the at least one code element; and sort the list of element details based, at least partially, on the timestamps.
 4. The system of claim 1, wherein the processor is further configured to: altering the at least one code element.
 5. The system of claim 1, wherein the processor is further configured to: determine a severity associated with the security issue based on the at least one code region, wherein the severity associated with the security issue is one of a low risk, a medium risk, and a high risk, and wherein the severity of the identified code quality issue is one of a blocker code issue that is highly likely to cause significant adverse impact, a critical code issue that is likely to cause significant adverse impact, a major code issue that is highly likely to cause a minor adverse impact, or a minor code issue that is likely to cause a minor adverse impact.
 6. The system of claim 1, wherein the processor is further configured to: generate statistics associated with the identified code quality issue including at least one of a total number of code smells, a total numbers of code bugs, a total number of code vulnerabilities, a total numbers of code hot spots, an estimated technical debt indicating an estimated effort to resolve the identified code quality issue, a maintainability rating indicating an estimated remediation cost for resolving the identified code quality issue as compared to an estimated cost of developing the mainframe codebase, and a reliability rating indicating a proportion of the identified code quality issue determined to be highly likely to cause significant adverse impact; and provide the statistics associated with the identified code quality issue.
 7. The system of claim 1, wherein the processor is further configured to: route the at least one code element having the identified code quality issue along with instructions on how to remediate the code quality issue based on a pattern of the at least one of the code smell, the code bug, the code vulnerability, and the code hot spot.
 8. A mainframe deployment device for providing mainframe codebase maintenance and security, the mainframe deployment device including a processor and a memory device, the mainframe deployment device in communication with a mainframe device including a mainframe processor and a mainframe memory, the mainframe memory including a mainframe codebase, wherein the processor is configured to: import the mainframe codebase from the mainframe device, wherein the mainframe codebase includes a plurality of code regions, each including a plurality of code elements; identify at least one code region of the plurality of code regions; initialize a branch repository corresponding to the identified at least one code region; query the imported mainframe codebase to identify, for at least one code element of the plurality of code elements, a user identifier indicating an owner of the at least one code element, a source region representing the at least one code region, and a timestamp indicating a creation time of the at least one code element; populate the branch repository with the at least one code element based on the source region and the timestamp; apply a code quality scan to the populated branch repository to identify a code quality issue in the at least one code element, a classification of the identified code quality issue, and a severity of the identified code quality issue, the classification including at least one of a code smell, a code bug, a code vulnerability, and a code hot spot; apply a code security scan to the populated branch repository to identify a security issue in the at least one code element and resolve the identified security issue in the at least one code element; assign the at least one code element having the identified code quality issue to the user identifier based at least partially on the timestamp; and route the at least one code element having the identified code quality issue and an indication of the classification and the severity of the code quality issue to a user device associated with the user identifier to correct the code quality issue in the at least code element.
 9. The mainframe deployment device of claim 8, wherein the processor is further configured to: generate, for the branch repository, a list of element details including a code element identifier distinctly identifying the at least one code element, the user identifier for the at least one code element, and the source region for the at least one code element.
 10. The mainframe deployment device of claim 9, wherein the processor is further configured to: generate, for the branch repository, the list of element details including the timestamp of the at least one code element; and sort the list of element details based, at least partially, on the timestamps.
 11. The mainframe deployment device of claim 8, wherein the processor is further configured to: altering the at least one code element.
 12. A method for providing mainframe codebase maintenance and security, the method performed by a mainframe deployment device including a processor and a memory, the method comprising: importing the mainframe codebase from a mainframe device, wherein the mainframe codebase includes a plurality of code regions, each including a plurality of code elements; identifying at least one code region of the plurality of code regions; initializing a branch repository corresponding to the identified at least one code region; querying the imported mainframe codebase to identify, for at least one code element of the plurality of code elements, a user identifier indicating an owner of the at least one code element, a source region representing the code region, and a timestamp indicating a creation time of the at least one code element; populating the branch repository with the at least one code element based on the source region and the timestamp; applying a code quality scan to the populated branch repository to identify a code quality issue in the at least one code element, a classification of the identified code quality issue, and a severity of the identified code quality issue, the classification including at least one of a code smell, a code bug, a code vulnerability, and a code hot spot; applying a code security scan to the populated branch repository to identify a security issue in the at least one code element and resolve the identified security issue in the at least one code element; assigning the at least one code element having the identified code quality issue to the user identifier based at least partially on the timestamp; and route the at least one code element having the identified code quality issue and an indication of the classification and the severity of the code quality issue to a user device associated with the user identifier to correct the code quality issue in the at least code element.
 13. The method of claim 12, further comprising: generating, for the branch repository, a list of element details including a code element identifier distinctly identifying the at least one code element, the user identifier for the at least one code element, and the source region for the at least one code element.
 14. The method of claim 13, further comprising: generating, for the branch repository, the list of element details including the timestamp of the at least one code element; and sorting the list of element details based, at least partially, on the timestamps.